Directory Traversal Vulnerability in AccountsService by FreeDesktop
CVE-2018-14036

6.5MEDIUM

Key Information:

Vendor

Freedesktop

Status
Accountsservice
Vendor
CVE Published:
13 July 2018

What is CVE-2018-14036?

A directory traversal vulnerability in AccountsService allows attackers to access unauthorized files on the server. This flaw arises from inadequate path checks within the user_change_icon_file_authorized_cb() function in user.c, enabling attackers to manipulate file paths using '../' sequences. The issue affects versions prior to 0.6.50, potentially exposing sensitive information and compromising system integrity.

References

https://cgit.freedesktop.org/accountsservice/commit/?id=f...
x_refsource_MISC
http://www.openwall.com/lists/oss-security/2018/07/02/2
x_refsource_MISC
https://bugs.freedesktop.org/show_bug.cgi?id=107085
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.