/editsign can be used to bypass WorldGuard and override ChestShop signs
baailey opened this issue ยท 3 comments
Type of bug
Exploit
/ess version
output
03.07 20:39:06 [Server] INFO Server version: 1.17-R0.1-SNAPSHOT git-Paper-68 (MC: 1.17)
03.07 20:39:06 [Server] INFO Brand version: Paper
03.07 20:39:06 [Server] INFO EssentialsX version: 2.19.0-dev+191-555a62c
03.07 20:39:06 [Server] INFO LuckPerms version: 5.3.48
03.07 20:39:06 [Server] INFO Vault is not installed. Chat and permissions may not work.
03.07 20:39:06 [Server] INFO Fetching version information...
03.07 20:39:06 [Server] INFO You're running the latest EssentialsX dev build!
Server startup log
https://gist.github.com/baailey/ff7ed7439c4843da3521595d58821443
EssentialsX config files
https://gist.github.com/baailey/86a68e557645d5f7693ae64540ca9327
Error log (if applicable)
No response
Bug description
EssX /editsign can be used to bypass WorldGuard claims when the user issuing the command is not owner / added to the region as a member. It can also be used to override ChestShop when they are not the ChestShop owner.
Steps to reproduce
-
Create a region and set an alt/diff player as the owner
-
Place a sign in the region using the alt/diff player
-
Go up to the sign and use /editsign to add text to the sign
-
Create a ChestShop using an alt/diff player
-
Go up to the ChestShop and use /editsign to add/change text on the sign
Expected behaviour
The changes using /editsign should not apply
Actual behaviour
/editsign bypassed WorldGuard and overrides ChestShops that the player issuing the command are not involved with.
Maybe it's solved with PR #4824
Not really something that will be fixed in Essentials, since we don't hook into protection plugins.
It's possible you could use WorldGuard flags like blocked-cmds
to prevent this too, or see if there's anything in ChestShop that protects their signs from being modified by sources other than a player. Though, the easiest is probably just to not give players access to /editsign
, similar to how you wouldn't give them access to /break
or other commands like that.
We don't currently fire a sign change event, which both plugins likely catch for their respective protections. However, even if we did this, it may not fully prevent players from modifying signs that other plugins handle. For now, @pop4959's suggestion of blocking commands in protected regions should be sufficient.