← volver
CVE-2025-61680

Minecraft RCON Terminal: Plain Text Password Storage in Configuration

CVSS 6.6 MEDIUMEPSS 0.3%CWE-256
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Productos afectados
jaketcooper · Minecraft-rcon

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77