Advisory #56
Title | Geyser user impersonation due to incorrect handling of the login JWT |
CVE ID | CVE-2021-39177 |
Vendor | GeyserMC |
Affected product | Geyser |
Affected versions | <= 1.4.1-SNAPSHOT |
Vulnerability type | CWE-20: Improper Input Validation |
Description | Geyser allows anyone who can connect to the server to forge a LoginPacket with a manipulated JWT, allowing impersonation of any user. |
Status | Fixed in 1.4.2-SNAPSHOT |
Recommendation | Update to 1.4.2-SNAPSHOT or above |