CVE-2018-14036 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 90%

Vendor	Product	Version
freedesktop	accountsservice	𝑥 < 0.6.50

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

accountsservice

bullseye	0.6.55-3 fixed
stretch	no-dsa
jessie	ignored
bookworm	22.08.8-6 fixed
sid	23.13.9-7 fixed
trixie	23.13.9-7 fixed

Ubuntu Releases

Ubuntu Product

Codename

accountsservice

groovy	not-affected
focal	not-affected
eoan	not-affected
disco	ignored
cosmic	ignored
bionic	Fixed 0.6.45-1ubuntu1.3 released
artful	ignored
xenial	Fixed 0.6.40-2ubuntu11.6 released
trusty	Fixed 0.6.35-0ubuntu7.3+esm2 released

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://www.openwall.com/lists/oss-security/2018/07/02/2

http://www.securityfocus.com/bid/104757

https://bugs.freedesktop.org/show_bug.cgi?id=107085

https://bugzilla.suse.com/show_bug.cgi?id=1099699

https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a

http://www.openwall.com/lists/oss-security/2018/07/02/2

http://www.securityfocus.com/bid/104757

https://bugs.freedesktop.org/show_bug.cgi?id=107085

https://bugzilla.suse.com/show_bug.cgi?id=1099699

https://cgit.freedesktop.org/accountsservice/commit/?id=f9abd359f71a5bce421b9ae23432f539a067847a