CVE-2018-1999023

{"id": "CVE-2018-1999023", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2018-07-23T16:29:00.273", "references": [{"url": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content."}, {"lang": "es", "value": "The Battle for Wesnoth Project desde la versi\u00f3n 1.7.0 hasta la 1.14.3 contiene una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en el motor de scripting de Lua que puede resultar en la ejecuci\u00f3n de c\u00f3digo fuera del sandbox. El ataque parece ser explotable al cargar juegos, juegos en red, repeticiones y contenido del jugador especialmente manipulados."}], "lastModified": "2024-11-21T03:57:04.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wesnoth:the_battle_for_wesnoth:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "459CA902-67B6-4905-9626-DB7460C66191", "versionEndIncluding": "1.14.3", "versionStartIncluding": "1.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}