Описание
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
Ссылки
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.0 (включая)
cpe:2.3:a:znc:znc:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00377
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
CVSS3: 6.5
ubuntu
больше 7 лет назад
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
CVSS3: 6.5
debian
больше 7 лет назад
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming ...
CVSS3: 6.5
github
больше 3 лет назад
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.
EPSS
Процентиль: 59%
0.00377
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-20