CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.
History

Mon, 19 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Jackmacwindows
Jackmacwindows craftos-pc 2
CPEs cpe:2.3:a:jackmacwindows:craftos-pc_2:*:*:*:*:*:*:*:*
Vendors & Products Jackmacwindows
Jackmacwindows craftos-pc 2
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 16 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
Description CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.
Title CraftOS-PC 2's improperly sanitizied paths cause filesystem escape (Windows)
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-08-16T20:15:32.325Z

Updated: 2024-08-19T15:26:20.287Z

Reserved: 2024-08-12T18:02:04.965Z

Link: CVE-2024-43395

cve-icon Vulnrichment

Updated: 2024-08-19T15:26:15.134Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-16T21:15:06.530

Modified: 2024-08-19T13:00:23.117

Link: CVE-2024-43395

cve-icon Redhat

No data.