Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
User impersonation due to incorrect handling of the login JWT
Vulnerability Description
Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Github Geyser授权问题漏洞
Vulnerability Description
Github Geyser是Geyser 是 Minecraft: Bedrock Edition 和 Minecraft: Java Edition 之间的桥梁,缩小了那些想要真正跨平台玩的人之间的差距。 Geyser 1.4.2-SNAPSHOT之前版本存在授权问题漏洞,该漏洞源于Geyser 是 Minecraft: Bedrock Edition 和 Minecraft: Java Edition 之间的桥梁。 Geyser 1.4.2-SNAPSHOT 之前的版本允许任何可以连接到服务器的人伪造
CVSS Information
N/A
Vulnerability Type
N/A