CVE-2022-24301Incorrect Default Permissions in Minetest

CWE-276Incorrect Default Permissions4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 49.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MinetestDebian MinetestDebian Linux
Timeline
PublishedFeb 2
Latest updateFeb 15

Description

In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages3 packages

debiandebian/minetest< minetest 5.4.1+repack-1 (bookworm)
NVDminetest/minetest< 5.4.0
Debianminetest/minetest< 5.3.0+repack-2.1+deb11u1+1

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-vj6w-cj6v-8ff8: In Minetest before 52022-02-15
OSV
CVE-2022-24301: In Minetest before 52022-02-02

📋Vendor Advisories

1
Debian
CVE-2022-24301: minetest - In Minetest before 5.4.0, players can add or subtract items from a different pla...2022