Control: retitle -1 znc: CVE-2018-14055: privilege escalation to admin permission (injection of rogue values in znc.conf)
On Sat, Jul 14, 2018 at 10:01:02PM +0200, Salvatore Bonaccorso wrote: > Source: znc > Version: 1.6.5-1 > Severity: grave > Tags: patch security upstream > Justification: user security hole > > Hi > > See > > https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e > https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d > > which would allow privilege escalation by a remote non-admin user. This issue has been assigned CVE-2018-14055. Regards, Salvatore