CVE-2021-39177
CVSS v3.1
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
0.24 % (65th)
Affected Products
1
Advisories
1
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading.
Weaknesses
- CWE-287
- Improper Authentication
- CVE Status
- PUBLISHED
- CNA
- GitHub, Inc.
- Published Date
-
2021-08-30 23:15:07
(3 years ago) - Updated Date
-
2021-09-10 14:30:16
(3 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...