|
[Japanese]
|
JVNDB-2021-000072
|
Minecraft Java Edition vulnerable to directory traversal
|
|
Minecraft Java Edition provided by Mojang Studios contains a directory traversal vulnerability (CWE-22).
RyotaK reported this vulnerability to the developer and coordinated on his own.
After coordination was completed, this case was reported to IPA, and JPCERT/CC coordinated with the developer for the publication under Information Security Early Warning Partnership.
|
|
CVSS V3 Severity:
Base Metrics 5.3 (Medium) [IPA Score]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Mojang Studios
- Minecraft 1.17 and earlier
|
|
|
Arbitrary JSON files on the system using the product may be deleted by an attacker.
|
|
[Update Minecraft]
Update Minecraft to the latest version according to the information provided by the developer. The developer fixed the vulnerability and released 1.17.1 Pre-release 1 (1.17.1-pre).
The users of Spigot or Forge released for the following Minecraft versions are recommended to apply the latest versions for the respective products. In this way, users of Spigot or Forge are not required to change Minecraft version, and the impact of this vulnerability can be mitigated.
- Spigot
- Minecraft 1.16.5
- Minecraft 1.17
- Forge
- Minecraft 1.15.2
- Minecraft 1.16.5
|
|
Mojang Studios
|
|
- Path Traversal(CWE-22) [IPA Evaluation]
|
|
- CVE-2021-35054
|
|
- JVN : JVN#53278122
- National Vulnerability Database (NVD) : CVE-2021-35054
|
|
- [2021/07/21]
Web page was published
|
