Directory Traversal Vulnerability in Hex-Dragon Plain Craft Launcher
CVE-2023-36123

7.8HIGH

Key Information:

Vendor: Plain Craft Launcher 2 Project
Status: Plain Craft Launcher 2
Vendor: CVE Published:; 7 October 2023

🔔 Create Plain Craft Launcher 2 Project Vulnerability Alert

Badges

👾 Exploit Exists🟣 EPSS 11%

What is CVE-2023-36123?

The Hex-Dragon Plain Craft Launcher version Alpha 1.3.9 contains a directory traversal vulnerability that allows local attackers to exploit the system. This flaw can enable unauthorized execution of arbitrary code, potentially exposing sensitive information stored on the device. It is critical for users to apply necessary patches and updates to safeguard against potential breaches stemming from this vulnerability.

References

https://gist.github.com/9Bakabaka/d4559b081ce0577dbf41591...

https://github.com/9Bakabaka/CVE-2023-36123

EPSS Score

11% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2023
🟡
Public PoC available
Sep 6, 2023
👾
Exploit known to exist
Sep 6, 2023
Vulnerability Reserved
Jun 21, 2023

JSON