Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-35978
HistoryAug 15, 2022 - 12:00 a.m.

CVE-2022-35978

2022-08-1500:00:00
ubuntu.com
ubuntu.com
11
minetest
lua script
global setting
vulnerability
system interference
single player
unix

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

61.1%

Minetest is a free open-source voxel game engine with easy modding and game
creation. In single player, a mod can set a global setting that
controls the Lua script loaded to display the main menu. The script is then
loaded as soon as the game session is exited. The Lua environment the menu
runs in is not sandboxed and can directly interfere with the user’s system.
There are currently no known workarounds.

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

61.1%