How severe is CVE-2024-43395?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2024-43395?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2024-43395 - HIGH Severity | CVSS 8.2

Vulnerability Description

CraftOS-PC 2 is a rewrite of the desktop port of CraftOS from the popular Minecraft mod ComputerCraft using C++ and a modified version of PUC Lua, as well as SDL for drawing. Prior to version 2.8.3, users of CraftOS-PC 2 on Windows can escape the computer folder and access files anywhere without permission or notice by obfuscating `..`s to bypass the internal check preventing parent directory traversal. Version 2.8.3 contains a patch for this issue.

Related Vulnerabilities

CVE-2017-2627

HIGH

CVSS:8.2(High)

A flaw was found in openstack-tripleo-common as shipped with Red Hat Openstack Enterprise 10 and 11. The sudoers file as installed with OSP's openstack-tripleo-common package is much too permissive. I...

CWE-222017

CVE-2018-1000863

HIGH

CVSS:8.2(High)

A data modification vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in User.java, IdStrategy.java that allows attackers to submit crafted user names that can cause an improp...

CWE-222018

CVE-2019-10185

HIGH

CVSS:8.2(High)

It was found that icedtea-web up to and including 1.7.2 and 1.8.2 was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary ...

CWE-222019

CVE-2019-11608

HIGH

CVSS:8.2(High)

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive informatio...

CWE-222019

CVE-2019-11609

HIGH

CVSS:8.2(High)

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information ...

CWE-222019

CVE-2021-27278

HIGH

CVSS:8.2(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code ...

CWE-222021