6.5

CVE-2018-14036

Exploit
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreedesktopAccountsservice Version < 0.6.50
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.09% 0.86
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://www.openwall.com/lists/oss-security/2018/07/02/2
Third Party Advisory
Exploit
Mailing List
http://www.securityfocus.com/bid/104757
Third Party Advisory
VDB Entry
https://bugs.freedesktop.org/show_bug.cgi?id=107085
Third Party Advisory
Exploit
https://bugzilla.suse.com/show_bug.cgi?id=1099699
Third Party Advisory
Exploit
Issue Tracking
https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a
Patch
Third Party Advisory