CVE-2021-39177

Summary

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with manipulated JWT token allowing impersonation as any user. Version 1.4.2-SNAPSHOT contains a patch for the issue. There are no known workarounds aside from upgrading.

Affected Software

VendorProductVersion RangeStatus
GeyserMCGeyser<= 1.4.1-SNAPSHOTaffected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References