Lucene search

[email protected]NVD:CVE-2022-24300

HistoryFeb 02, 2022 - 6:15 a.m.

CVE-2022-24300

2022-02-0206:15:06

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.7%

JSON

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

Affected configurations

NVD

Node

minetestminetestRange<5.4.0

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

References

bugs.debian.org/1004223

github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae

github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf

www.debian.org/security/2022/dsa-5075

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for NVD:CVE-2022-24300

osv2 ubuntucve1 prion1 veracode1 cve1 debiancve1 cvelist1 openvas1 debian1 nessus1