CVE-2024-22779

8.8 HIGH

📋 TL;DR

CVE-2024-22779 is a directory traversal flaw in the loadServerPack routine of Kihron ServerRPExposer v1.0.2 and earlier. Because the pack path is not confined to the directory the mod is meant to use, a remote attacker can read or write files elsewhere on the host, and the CVE description rates this as arbitrary code execution. Anyone running a vulnerable version of this Minecraft mod is affected.
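The following Python is an added illustration of the bug class, not code from ServerRPExposer (a Java mod) and not the published PoC. It places a naive path join beside a hardened loader that accepts only a plain file name and then proves the normalised result still sits under the pack directory. The directory and the pack names are constructed for the demo and do not reproduce the mod's real layout or the exploit payload.

```python
import os

# Constructed stand-in for the directory the pack loader is supposed to stay
# inside. This page does not describe the mod's real directory layout.
PACK_DIR = "/srv/minecraft/server-resource-packs"


def load_pack_vulnerable(base: str, pack_name: str) -> str:
    """The bug class the CVE describes, shown generically (not the mod's code):
    an attacker-controlled name is joined onto the base directory and trusted,
    so ".." segments or an absolute path yield a location outside `base`."""
    return os.path.normpath(os.path.join(base, pack_name))


def load_pack_hardened(base: str, pack_name: str) -> str:
    """Accept only a plain file name, then prove the normalised result is still
    under `base`. Raises ValueError for anything that would escape."""
    # 1. Shape check: one path component, no separators of either flavour.
    #    A backslash is an ordinary filename byte on Linux but a separator on
    #    Windows, so reject it everywhere; also reject ".", "..", empty and NUL.
    if (not pack_name or pack_name in (".", "..") or "\x00" in pack_name
            or "/" in pack_name or "\\" in pack_name):
        raise ValueError(f"rejected pack name: {pack_name!r}")
    # 2. Defence in depth: normalise and verify containment anyway, so a later
    #    relaxation of the shape check cannot silently reintroduce traversal.
    #    os.path.normpath keeps this deterministic; in production prefer
    #    os.path.realpath on both sides so symlinks inside `base` are caught too.
    base_norm = os.path.normpath(base)
    candidate = os.path.normpath(os.path.join(base_norm, pack_name))
    if os.path.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError(f"path escapes pack directory: {candidate!r}")
    return candidate


def is_rejected(base: str, pack_name: str) -> bool:
    """True when the hardened loader refuses `pack_name`."""
    try:
        load_pack_hardened(base, pack_name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed attacker-style names; the PoC's actual payload is not shown here.
    names = ["summer-pack.zip", "../../../etc/passwd", "/etc/cron.d/evil",
             "..\\..\\..\\Windows\\win.ini", "sub/../pack.zip"]
    for n in names:
        print(f"{n!r:32} naive -> {load_pack_vulnerable(PACK_DIR, n)!r:50} "
              f"hardened rejects: {is_rejected(PACK_DIR, n)}")
```

Note the Windows-style name: on a Linux host the naive join happens to keep it inside the directory as one odd file name, while the same string escapes on Windows. The hardened loader rejects it on every platform, which is the behaviour to aim for when the client, not the server, chooses the name.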

💻 Affected Systems

Products:
  • Kihron ServerRPExposer
Versions: v1.0.2 and earlier
Operating Systems: Any OS running Minecraft server with this mod
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations of vulnerable versions regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full server compromise leading to complete system takeover, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to install malware, mine cryptocurrency, or disrupt server operations.

🟢 If Mitigated

If the server process runs as an unprivileged user on a segmented network, the blast radius is limited to that process and the files it can reach.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept available in GitHub gist. Exploitation requires network access to the Minecraft server port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 8f7b829df633f59e828d677f736c53652d6f1b8f

Vendor Advisory: https://github.com/Kihron/ServerRPExposer/commit/8f7b829df633f59e828d677f736c53652d6f1b8f

Restart Required: Yes

Instructions:

1. Update the ServerRPExposer mod to the latest version.
2. Restart the Minecraft server.
3. Verify the fix by checking the loaded mod version.

🔧 Temporary Workarounds

Network Isolation (Linux)

Restrict access to the Minecraft server port (default 25565) to trusted sources only. This is only practical for private servers with a known player list; a public server must accept arbitrary client addresses. -A appends, so these rules land after any existing ACCEPT rule in the INPUT chain; check the order with iptables -L INPUT -n --line-numbers, add matching ip6tables rules if the host is reachable over IPv6, and persist the rules with your distribution's mechanism or they will not survive a reboot.

iptables -A INPUT -p tcp --dport 25565 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 25565 -j DROP

Remove Vulnerable Mod (all platforms)

Temporarily remove the ServerRPExposer mod until patched. A mod stays loaded in a running server until restart, so stop the server, remove the jar, and start it again. Adjust the path and file name to your installation.

rm /path/to/minecraft/mods/ServerRPExposer.jar

🧯 If You Can't Patch

  • Disable or remove the ServerRPExposer mod completely.
  • Implement strict network segmentation and firewall rules to limit access to the Minecraft server.

🔍 How to Verify

Check if Vulnerable:

Check the mod version in the server startup log or the mods folder. Version 1.0.2 or earlier is vulnerable.

Check Version:

The JAR file name usually carries the version, but a renamed file does not. The version the mod reports at startup, or the version recorded in the mod's own metadata inside the JAR, is authoritative.

Verify Fix Applied:

Confirm that the loaded ServerRPExposer version is later than 1.0.2 and includes the fix commit 8f7b829df633f59e828d677f736c53652d6f1b8f, or that the JAR is no longer present in the mods directory.
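A version check that does not trust the JAR file name, added here as an example and not part of the project or this advisory. It assumes ServerRPExposer is a Fabric mod, so the authoritative version lives in fabric.mod.json inside the jar; the mod id used for the fixtures (serverrpexposer) is a placeholder because the page does not give the real id, so read it from your installed jar first. build_sample_jar constructs in-memory fixtures so the script runs offline.

```python
import glob
import io
import json
import os
import zipfile
from typing import Dict, List, Optional, Tuple

# Highest version the advisory lists as affected.
LAST_VULNERABLE = (1, 0, 2)

# Placeholder mod id for the constructed fixtures (assumption, not from the
# page). Read the real id from the installed jar's fabric.mod.json before use.
SAMPLE_ID = "serverrpexposer"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.0.2', 'v1.0.2' or '1.0.3-beta+build.7' into a tuple of ints so
    that '1.0.10' compares greater than '1.0.2' (string comparison would not)."""
    core = text.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable_version(text: str) -> bool:
    """True for every version up to and including 1.0.2."""
    return parse_version(text) <= LAST_VULNERABLE


def read_fabric_metadata(jar) -> Optional[Dict]:
    """Read id and version from fabric.mod.json inside a jar. `jar` may be a
    path or a file-like object. Returns None if the jar is not a Fabric mod."""
    with zipfile.ZipFile(jar) as zf:
        if "fabric.mod.json" not in zf.namelist():
            return None
        meta = json.loads(zf.read("fabric.mod.json").decode("utf-8"))
    return {"id": meta.get("id"), "version": meta.get("version")}


def assess_jar(jar, expected_id: str) -> Dict:
    """Classify one jar as 'not-fabric', 'other-mod', 'vulnerable' or 'patched'."""
    meta = read_fabric_metadata(jar)
    if meta is None:
        return {"status": "not-fabric"}
    if meta["id"] != expected_id:
        return {"status": "other-mod", **meta}
    status = "vulnerable" if is_vulnerable_version(meta["version"]) else "patched"
    return {"status": status, **meta}


def scan_mods_dir(mods_dir: str, expected_id: str) -> List[Dict]:
    """Real-world entry point: assess every *.jar in a mods directory."""
    results = []
    for path in sorted(glob.glob(os.path.join(mods_dir, "*.jar"))):
        name = os.path.basename(path)
        try:
            results.append({"file": name, **assess_jar(path, expected_id)})
        except zipfile.BadZipFile:
            results.append({"file": name, "status": "corrupt-jar"})
    return results


def build_sample_jar(mod_id: str, version: str) -> io.BytesIO:
    """Constructed test fixture: a minimal jar containing only fabric.mod.json.
    Real mod jars carry classes and more metadata; the check needs only this."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fabric.mod.json",
                    json.dumps({"schemaVersion": 1, "id": mod_id, "version": version}))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for ver in ("1.0.2", "v1.0.1", "1.0.3", "1.0.10", "1.1.0-beta"):
        print(ver, "->", assess_jar(build_sample_jar(SAMPLE_ID, ver), SAMPLE_ID)["status"])
```

Point scan_mods_dir at the live mods directory to check a real installation. "patched" here only means a version string later than 1.0.2; the page identifies the fix by commit rather than by release, so confirm that the release you install actually contains commit 8f7b829df633f59e828d677f736c53652d6f1b8f.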

📡 Detection & Monitoring

Log Indicators:

  • Unusual file path requests in server logs
  • Suspicious loadServerPack operations
  • Error messages related to file access outside expected directories

Network Indicators:

  • Unusual traffic patterns to Minecraft server port
  • Bursts of connections or pack-load requests from a single source address, especially when they coincide with file access errors in the server log

SIEM Query:

source="minecraft.log" AND "loadServerPack" AND (".." OR "/etc" OR "/root" OR "C:\\")

The backslash is doubled because a lone backslash before the closing quote escapes it in Splunk-style search syntax. Plain substring matching over-matches ordinary names such as pack..zip and misses percent-encoded traversals (%2e%2e%2f), so treat hits as triage candidates rather than confirmed exploitation.
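Detection logic that goes beyond the substring query, added here as an example and not part of this advisory or the mod. The log lines are constructed: the page does not show the mod's real log format, so they assume only that a line names loadServerPack and quotes the pack name. The scanner percent-decodes the name, normalises both separator flavours and flags real traversal tells; naive_siem_lines reproduces the page's query on the same lines for comparison.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample lines (not real ServerRPExposer output).
SAMPLE_LOG = (
    '[12:00:01] [Server thread/INFO]: loadServerPack name="summer-pack.zip"\n'
    '[12:00:05] [Server thread/INFO]: loadServerPack name="../../../../etc/passwd"\n'
    '[12:00:06] [Server thread/INFO]: loadServerPack name="%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fshadow"\n'
    '[12:00:07] [Server thread/INFO]: loadServerPack name="..\\..\\..\\Windows\\win.ini"\n'
    '[12:00:08] [Server thread/INFO]: loadServerPack name="C:\\Windows\\Tasks\\evil.bat"\n'
    '[12:00:09] [Server thread/INFO]: loadServerPack name="/etc/cron.d/backdoor"\n'
    '[12:00:10] [Server thread/INFO]: loadServerPack name="pack-with-dots..zip"\n'
    '[12:00:11] [Server thread/WARN]: Failed to load pack: java.io.FileNotFoundException\n'
)

NAME_RE = re.compile(r'loadServerPack\b[^"]*name="([^"]*)"')
DRIVE_RE = re.compile(r"^[A-Za-z]:")


def traversal_indicators(raw_name: str) -> List[str]:
    """Normalise a pack name the way a file system would and list the traversal
    tells found. The order is fixed so results are comparable."""
    decoded = unquote(unquote(raw_name))        # twice: also catches %252e%252e
    normalised = decoded.replace("\\", "/")     # treat both separator flavours alike
    segments = normalised.split("/")
    found = []
    if decoded != raw_name:
        found.append("encoded")
    if "\\" in raw_name:
        found.append("backslash")
    if ".." in segments:
        found.append("dotdot")                  # a real ".." segment, not a substring
    if normalised.startswith("/") or DRIVE_RE.match(normalised):
        found.append("absolute")
    return found


def scan_log(text: str) -> List[Dict]:
    """Return one record per flagged line: line number, raw name, indicators."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = NAME_RE.search(line)
        if not m:
            continue
        indicators = traversal_indicators(m.group(1))
        if indicators:
            hits.append({"line": lineno, "name": m.group(1), "indicators": indicators})
    return hits


def naive_siem_lines(text: str) -> List[int]:
    """The page's substring query, for contrast: a '..' anywhere or a few literal
    path prefixes. It over-matches pack-with-dots..zip and misses the
    percent-encoded traversal entirely."""
    tokens = ("..", "/etc", "/root", "C:\\")
    return [n for n, line in enumerate(text.splitlines(), start=1)
            if "loadServerPack" in line and any(t in line for t in tokens)]


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"line {h['line']:>2}: {h['indicators']}  <- {h['name']!r}")
    print("naive query would flag lines:", naive_siem_lines(SAMPLE_LOG))
```

Adapt NAME_RE to whatever your server actually logs; the indicator logic is independent of the line format.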
