Base Score

CRITICAL9.8

CVE-2022-24300

Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.

VectorNETWORK

Published Bycve@mitre.org

Published DateFeb 02, 2022, 06:15

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://bugs.debian.org/1004223
https://github.com/minetest/minetest/commit/b5956bde259faa240a81060ff4e598e25ad52dae
https://github.com/minetest/minetest/security/advisories/GHSA-hwj2-xf72-r4cf
https://www.debian.org/security/2022/dsa-5075

Base Score

CRITICAL9.8

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH