CVE-2022-35978 Vulnerability Details

  /     /     /  

CVE-2022-35978 Metadata Quick Info

CVE Published: 15/08/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: GitHub_M | Vendor: minetest | Product: minetest
Status : PUBLISHED

CVE-2022-35978 Description

Minetest is a free open-source voxel game engine with easy modding and game creation. In **single player**, a mod can set a global setting that controls the Lua script loaded to display the main menu. The script is then loaded as soon as the game session is exited. The Lua environment the menu runs in is not sandboxed and can directly interfere with the user\'s system. There are currently no known workarounds.

Metrics

CVSS Version: 3.1 | Base Score: 7.7 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-693
CWE Name: CWE-693: Protection Mechanism Failure
Source: minetest

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: