Home

CVE-2018-14036

Description

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
1.239

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) accountsservice-0.6.42-16.8.3.x86_64.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) accountsservice-debuginfo-0.6.42-16.8.3.x86_64.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) accountsservice-debugsource-0.6.42-16.8.3.x86_64.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) accountsservice-lang-0.6.42-16.8.3.noarch.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) libaccountsservice0-0.6.42-16.8.3.x86_64.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) libaccountsservice0-debuginfo-0.6.42-16.8.3.x86_64.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Desktop 12-SP4 ) typelib-1_0-AccountsService-1_0-0.6.42-16.8.3.x86_64.rpmLinux
query and manipulate user account information (USN-4616-1) accountsservice_0.6.45-1ubuntu1.3_i386.debLinux
query and manipulate user account information (USN-4616-1) accountsservice_0.6.45-1ubuntu1.3_amd64.debLinux
query and manipulate user account information (USN-4616-1) accountsservice_0.6.40-2ubuntu11.6_i386.debLinux
query and manipulate user account information (USN-4616-1) accountsservice_0.6.40-2ubuntu11.6_amd64.debLinux
query and manipulate user account information (USN-4616-1) accountsservice_0.6.55-0ubuntu13.2_amd64.debLinux
query and manipulate user account information (USN-4616-1) accountsservice_0.6.55-0ubuntu12~20.04.4_amd64.debLinux
query and manipulate user account information (USN-4616-1) libaccountsservice0_0.6.45-1ubuntu1.3_i386.debLinux
query and manipulate user account information (USN-4616-1) libaccountsservice0_0.6.45-1ubuntu1.3_amd64.debLinux
query and manipulate user account information (USN-4616-1) libaccountsservice0_0.6.40-2ubuntu11.6_i386.debLinux
query and manipulate user account information (USN-4616-1) libaccountsservice0_0.6.40-2ubuntu11.6_amd64.debLinux
query and manipulate user account information (USN-4616-1) libaccountsservice0_0.6.55-0ubuntu13.2_amd64.debLinux
query and manipulate user account information (USN-4616-1) libaccountsservice0_0.6.55-0ubuntu12~20.04.4_amd64.debLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) accountsservice-0.6.42-16.8.3.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) accountsservice-debuginfo-0.6.42-16.8.3.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) accountsservice-debugsource-0.6.42-16.8.3.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) accountsservice-lang-0.6.42-16.8.3.noarch_12_SP5.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) libaccountsservice0-0.6.42-16.8.3.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) libaccountsservice0-debuginfo-0.6.42-16.8.3.x86_64_12_SP5.rpmLinux
SUSE-SU-2019:2778-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-AccountsService-1_0-0.6.42-16.8.3.x86_64_12_SP5.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234