@apple502j
Created April 18, 2024 03:02
RPShare Vulnerability Disclosures

Vulnerability disclosures for RPShare mod.

Path Traversal (CWE-22)

In all versions of the RPShare Fabric client mod for Minecraft, a path traversal in DownloadTask#getFileNameFromConnection allows an arbitrary file write and, consequently, remote code execution. User interaction is required for exploitation: the victim must accept a malicious file download through the user interface. Note: the Paper server-side plugin is unaffected. Note 2: RPShare has been archived and will not receive a fix for this vulnerability.

  • CVSS3.1: 8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVSS4.0: 8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/V:D/RE:L
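The class of bug above comes from trusting a server-supplied file name (Content-Disposition or URL path) when building the write location. The following is an added example, not RPShare's code, showing the validation such a method needs: the names, the hypothetical download directory and the sample headers are all assumptions constructed for the illustration.

```python
import re
from email.message import Message
from pathlib import Path, PurePosixPath
from typing import Optional
from urllib.parse import unquote, urlsplit

# Conservative allow-list for the characters a saved file name may contain.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def filename_from_headers(content_disposition: Optional[str], url: str) -> str:
    """Candidate name as the server suggests it: Content-Disposition first,
    then the last path segment of the URL. Untrusted; validate before use."""
    if content_disposition:
        msg = Message()
        msg["Content-Disposition"] = content_disposition
        name = msg.get_filename()  # handles filename= and RFC 2231 filename*=
        if name:
            return name
    return unquote(PurePosixPath(urlsplit(url).path).name)


def safe_download_path(download_dir: Path, candidate: str) -> Path:
    """Return download_dir/candidate if candidate is a plain file name that
    resolves inside download_dir; raise ValueError otherwise."""
    # Reject anything that is not a single, well-formed path component. This
    # covers '../', absolute paths, Windows drive letters and NUL bytes.
    if "/" in candidate or "\\" in candidate or "\x00" in candidate:
        raise ValueError(f"path separators in file name: {candidate!r}")
    if candidate in (".", "..") or not _SAFE_NAME.fullmatch(candidate):
        raise ValueError(f"unsafe file name: {candidate!r}")
    # Second check: the resolved target must be a direct child of download_dir,
    # so a symlink or a later change to the rules above cannot escape it.
    root = download_dir.resolve()
    target = (root / candidate).resolve()
    if target.parent != root:
        raise ValueError(f"target escapes download dir: {target}")
    return target


def plan_download(download_dir: Path, content_disposition: Optional[str], url: str) -> Path:
    """Combine the two steps: derive the untrusted name, then validate it."""
    return safe_download_path(download_dir, filename_from_headers(content_disposition, url))
```

Rejecting rather than sanitising keeps the decision visible in logs, which is what you want for a download accepted through a UI prompt.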

Command Injection (CWE-78)

In all versions of the RPShare Fabric client mod for Minecraft, an OS command injection in DownloadPromptScreen#build allows an executable file to be run. User interaction is required for exploitation: the victim must interact with the user interface to trigger the executable. Note: the Paper server-side plugin is unaffected. Note 2: RPShare has been archived and will not receive a fix for this vulnerability.

  • CVSS3.1: 8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVSS4.0: 8.6 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/V:D/RE:L