CVE-2023-29478

9.8 CRITICAL

📋 TL;DR

BiblioCraft mod for Minecraft has a path traversal vulnerability that allows attackers to write files to arbitrary locations on the filesystem. This can lead to remote code execution by writing malicious files to the Minecraft mods folder. Anyone running BiblioCraft versions before 2.4.6 is affected.

💻 Affected Systems

Products:
  • BiblioCraft Minecraft mod
Versions: All versions before 2.4.6
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects servers running BiblioCraft mod. Single-player installations are less critical but still vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through remote code execution, allowing an attacker to execute arbitrary commands, steal data, or install persistent backdoors.

🟠 Likely Case

Attacker gains code execution on the Minecraft server, potentially taking control of the game server and accessing server files.

🟢 If Mitigated

File writes are contained to safe directories, preventing code execution but potentially allowing limited file manipulation.

🌐 Internet-Facing: HIGH - Minecraft servers are typically internet-facing, making them directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal servers could still be exploited by malicious insiders or through lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit code exists (BiblioRCE), making exploitation trivial for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.6

Vendor Advisory: https://github.com/Nuchaz/BiblioCraft/releases/tag/v2.4.6

Restart Required: Yes

Instructions:

1. Stop the Minecraft server.
2. Download BiblioCraft 2.4.6 from official sources.
3. Replace the old BiblioCraft mod file in the mods folder.
4. Restart the server.

🔧 Temporary Workarounds

Remove BiblioCraft mod (all platforms)

Temporarily remove the vulnerable mod until patching is possible:

mv /path/to/minecraft/mods/BiblioCraft*.jar /path/to/backup/

Restrict file permissions (linux)

Limit write permissions for the Minecraft server process. This only helps if the server runs as an unprivileged user; a server process running as root can still write to the directory regardless of its mode or owner:

chmod 755 /path/to/minecraft/mods/
chown root:root /path/to/minecraft/mods/

🧯 If You Can't Patch

  • Isolate Minecraft server on separate network segment
  • Implement strict firewall rules to limit access to Minecraft port (default 25565)

🔍 How to Verify

Check if Vulnerable:

Check BiblioCraft mod version in mods folder or server startup logs

Check Version:

ls -la /path/to/minecraft/mods/ | grep BiblioCraft

Verify Fix Applied:

Confirm BiblioCraft-2.4.6.jar is present in mods folder and server starts without errors
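The version check described above, as an added shell example that is not part of the advisory and not BiblioCraft's own tooling. It assumes the jar filename carries the mod version as the first x.y.z following the word BiblioCraft (for example BiblioCraft-2.4.6.jar as named on this page, or a BiblioCraft[v2.4.5][...] style name), and the mods directory path is a placeholder you pass as the first argument. Anything older than 2.4.6 is reported as vulnerable.

```shell
#!/bin/sh
# Added example: report whether the BiblioCraft jar(s) in a mods directory
# are older than the fixed release 2.4.6. Filename layout is an assumption.

FIXED_VERSION="2.4.6"

# Print the x.y.z version that follows "BiblioCraft" in a filename, or nothing.
bibliocraft_version_from_name() {
    printf '%s\n' "$1" \
        | sed -n 's/^.*[Bb]iblio[Cc]raft//p' \
        | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*' \
        | head -n 1
}

# Return 0 if dotted version $1 is strictly lower than $2, compared numerically
# field by field (so 2.4.10 is newer than 2.4.6, unlike a string compare).
version_lt() {
    a1=${1%%.*}; rest=${1#*.}; a2=${rest%%.*}; a3=${rest#*.}
    b1=${2%%.*}; rest=${2#*.}; b2=${rest%%.*}; b3=${rest#*.}
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ]
}

# Print one line per BiblioCraft jar in the directory:
#   <path> <version> vulnerable|fixed|unknown-version
# Other mods are ignored; a missing jar is reported rather than silently skipped.
check_bibliocraft_jars() {
    dir=$1
    found=0
    for jar in "$dir"/*[Bb]iblio[Cc]raft*.jar; do
        [ -e "$jar" ] || continue
        found=1
        ver=$(bibliocraft_version_from_name "$(basename "$jar")")
        if [ -z "$ver" ]; then
            status=unknown-version
        elif version_lt "$ver" "$FIXED_VERSION"; then
            status=vulnerable
        else
            status=fixed
        fi
        printf '%s %s %s\n' "$jar" "${ver:-?}" "$status"
    done
    if [ "$found" -ne 1 ]; then
        printf 'no BiblioCraft jar found in %s\n' "$dir"
    fi
}

# Usage: sh check_bibliocraft.sh /path/to/minecraft/mods
if [ "$#" -gt 0 ]; then
    check_bibliocraft_jars "$1"
fi
```

A jar reported as unknown-version (no x.y.z in its name) should be checked by hand against the server startup log, which the advisory also names as a source of the loaded mod version.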

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in server logs
  • Attempts to access path traversal patterns like ../

Network Indicators:

  • Unusual network traffic to Minecraft port from unexpected sources

SIEM Query:

source="minecraft.log" AND "../" AND ("write" OR "save")
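The log indicator above, as an added shell example that is not part of the advisory: a filter that flags lines containing a traversal sequence, including the URL-encoded and backslash forms that a plain "../" search would miss. The log lines embedded below are constructed for the example and do not reproduce real BiblioCraft or Minecraft server output.

```shell
#!/bin/sh
# Added example: flag log lines carrying a path-traversal sequence for review.

# Constructed sample lines (not real server output); two of them carry traversal.
SAMPLE_LOG='[12:00:01] [Server thread/INFO]: Player1 joined the game
[12:00:05] [Server thread/INFO]: saving file "notes.txt" for Player1
[12:00:09] [Server thread/WARN]: saving file "../../mods/x.jar" for Player2
[12:00:12] [Server thread/INFO]: request path ..%2F..%2Fmods%2Fy.jar
[12:00:15] [Server thread/INFO]: Player1 left the game'

# Read log lines on stdin, print those containing "../", "..\", or the
# URL-encoded variants (..%2f, %2e%2e%2f, %2e%2e/), case-insensitively.
traversal_hits() {
    grep -iE '\.\./|\.\.\\|\.\.%2f|%2e%2e(%2f|/)'
}

# Count hits in the embedded sample; prints a bare number.
count_traversal_hits() {
    printf '%s\n' "$SAMPLE_LOG" | traversal_hits | wc -l | tr -d ' '
}

# Usage: sh traversal_scan.sh /path/to/minecraft/logs/latest.log
if [ "$#" -gt 0 ]; then
    traversal_hits < "$1"
fi
```

Review hits rather than alerting on them blindly: a player-chosen filename that merely contains dots can match, so the line's context (which operation, which player) decides whether it is an attempt or noise. Unlike the SIEM query above, this filter does not require "write" or "save" on the same line, so it also surfaces traversal in lines logged before the write happens.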
