CVE-2018-14036
PUBLISHED
Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.
EPSS 1.24% · 79.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | accountsservice | 0.6.40-2ubuntu11, 0.6.40-2ubuntu11.2, 0.6.40-2ubuntu11.3 |
| Ubuntu:Pro:14.04:LTS | accountsservice | 0.6.34-0ubuntu7, 0.6.35-0ubuntu5, 0.6.35-0ubuntu7.2 |
| Ubuntu:18.04:LTS | accountsservice | 0.6.42-0ubuntu3, 0, 0.6.45-1ubuntu1 |
Timeline
- Jul 13, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 10, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-14036 third-party-advisory
- http://www.openwall.com/lists/oss-security/2018/07/02/2 third-party-advisory
- https://ubuntu.com/security/notices/USN-4616-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-4616-2 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14036 third-party-advisory