PT-2022-24821 · Unknown · Mcwebserver Minecraft Mod
Apple502J
·
Published
2022-09-20
·
Updated
2022-09-23
·
CVE-2022-39221
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
McWebserver Minecraft Mod for Fabric and Quilt versions 0.1.2.1 and earlier
McWebserver Minecraft Mod for Forge versions 0.1.1 and earlier
Description
The McWebserver mod runs a simple HTTP server alongside the Minecraft server in separate threads. A path traversal issue in the McWebserver Minecraft Mod allows all files accessible by the program to be read by anyone via HTTP request.
Recommendations
For McWebserver Minecraft Mod for Fabric and Quilt versions 0.1.2.1 and earlier, update to version 0.2.0 or later.
For McWebserver Minecraft Mod for Forge versions 0.1.1 and earlier, update to version 0.2.0 or later.
As a temporary workaround, consider disabling the McWebserver mod by removing the file from the
mods directory.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mcwebserver Minecraft Mod