Home

Description

Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0.

PUBLISHED Reserved 2025-09-29 | Published 2025-10-03 | Updated 2025-10-06 | Assigner GitHub_M




MEDIUM: 6.6CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Problem types

CWE-256: Plaintext Storage of a Password

Product status

>= 0.1.0, < 2.1.0
affected

References

github.com/...t-rcon/security/advisories/GHSA-4m33-hxqw-7j77

github.com/...ommit/31272b541482d095d1578855c2b571268eb9b877

github.com/jaketcooper/Minecraft-rcon/releases/tag/2.1.0

cve.org (CVE-2025-61680)

nvd.nist.gov (CVE-2025-61680)

Download JSON