The dumpregistries subcommand has no permission requirement set, giving anyone an ability to execute this command. Even though this is not a vulnerability, this may cause unnecessary load on a server when used dozens of times by bad actors.
Steps to reproduce the problem:
Be a player with no advanced permissions granted
Use /cyclopscore dumpregistries
Expected behaviour:
Guard a command with an OP check or permission level >= 2, like vanilla does in dozens of commands.
rubensworks
commented
6 months ago
Issue type:
Short description:
The
dumpregistriessubcommand has no permission requirement set, giving anyone an ability to execute this command. Even though this is not a vulnerability, this may cause unnecessary load on a server when used dozens of times by bad actors.Steps to reproduce the problem:
/cyclopscore dumpregistriesExpected behaviour:
Guard a command with an OP check or permission level >= 2, like vanilla does in dozens of commands.
Versions:
Log file:
No log file required