← voltar
CVE-2025-61680

Minecraft RCON Terminal: Plain Text Password Storage in Configuration

CVSS 6.6 MEDIUMEPSS 0.3%CWE-256
Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U
Produtos afetados
jaketcooper · Minecraft-rcon

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/jaketcooper/Minecraft-rcon/commit/31272b541482d095d1578855c2b571268eb9b877https://github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0https://github.com/jaketcooper/Minecraft-rcon/security/advisories/GHSA-4m33-hxqw-7j77