Advisory #56

Title: Geyser user impersonation due to incorrect handling of the login JWT
CVE ID: CVE-2021-39177
Affected product: Geyser
Affected versions: <= 1.4.1-SNAPSHOT
Vulnerability type: CWE-20: Improper Input Validation
Description: Geyser allows anyone who can connect to the server to forge a LoginPacket with a manipulated JWT token, allowing impersonation of any user.
Status: Fixed in 1.4.2-SNAPSHOT
Recommendation: Update to 1.4.2-SNAPSHOT or above
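The defensive check this class of bug calls for, as an added example that is not Geyser's code: a login JWT chain is only trusted if every signature verifies under the key named in its own x5u header, each x5u equals the previous token's identityPublicKey, and a trusted root key appears in the chain. The chain layout (ES384 JWS, x5u as base64 DER public key, identityPublicKey and extraData claims) is assumed; all keys and tokens below are constructed for the demo, not any real root key.

```python
import base64, json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import decode_dss_signature, encode_dss_signature

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def pub_b64(priv) -> str:
    """Base64 DER SubjectPublicKeyInfo, the form assumed for an x5u header."""
    return base64.b64encode(priv.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)).decode()

def sign_jwt(priv, payload: dict) -> str:
    """ES384 JWS whose x5u names the signing key (constructed test data, raw r||s signature)."""
    head = b64url(json.dumps({"alg": "ES384", "x5u": pub_b64(priv)}).encode())
    body = b64url(json.dumps(payload).encode())
    r, s = decode_dss_signature(priv.sign(f"{head}.{body}".encode(), ec.ECDSA(hashes.SHA384())))
    return f"{head}.{body}.{b64url(r.to_bytes(48, 'big') + s.to_bytes(48, 'big'))}"

def verify_chain(chain: list, trusted_root: str):
    """Return extraData only for a fully verified chain anchored at trusted_root, else None."""
    expected, anchored, extra = None, False, None
    for token in chain:
        head, body, sig = token.split(".")
        x5u = json.loads(unb64url(head)).get("x5u")
        if not x5u or (expected and x5u != expected):
            return None                       # linkage broken: key was not vouched for
        raw = unb64url(sig)
        if len(raw) != 96:
            return None
        der = encode_dss_signature(int.from_bytes(raw[:48], "big"), int.from_bytes(raw[48:], "big"))
        try:  # verifying under the token's own x5u is safe only because linkage + root anchor are enforced
            serialization.load_der_public_key(base64.b64decode(x5u)).verify(
                der, f"{head}.{body}".encode(), ec.ECDSA(hashes.SHA384()))
        except (InvalidSignature, ValueError):
            return None
        anchored |= x5u == trusted_root
        claims = json.loads(unb64url(body))
        expected = claims.get("identityPublicKey")
        extra = claims.get("extraData", extra)
    return extra if anchored else None

ROOT = ec.generate_private_key(ec.SECP384R1())    # constructed stand-in for the authority root
PLAYER = ec.generate_private_key(ec.SECP384R1())
GOOD = [sign_jwt(ROOT, {"identityPublicKey": pub_b64(PLAYER)}),
        sign_jwt(PLAYER, {"extraData": {"displayName": "alice"}})]
FORGED = [sign_jwt(PLAYER, {"extraData": {"displayName": "admin"}})]  # self-asserted, no root
```

A login handler must take the player identity only from the value `verify_chain` returns, never from claims read before verification.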