CVE-2023-30859
CVE-2023-30859 is a high-severity vulnerability in Triton Project Triton with a CVSS 3.x base score of 7.2. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-419.
Key facts
- Severity: High (CVSS 3.x base score 7.2)
- EPSS exploit prediction: 1% (61st percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-419
- Affected product: Triton Project Triton
- Published:
- Last modified:
Description
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
Frequently asked questions
- What is CVE-2023-30859?
- Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
- How severe is CVE-2023-30859?
- CVE-2023-30859 has a CVSS 3.x base score of 7.2, rated high severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity none, and availability low.
- Is CVE-2023-30859 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (61st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2023-30859?
- CVE-2023-30859 affects Triton Project Triton. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2023-30859?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2023-30859 published?
- CVE-2023-30859 was published on 2023-05-01 and last updated on 2026-06-17.
References
- https://github.com/tritonmc/Triton/releases/tag/v3.8.4
- https://github.com/tritonmc/Triton/security/advisories/GHSA-8vj5-jccf-q25r
Affected products (1)
- cpe:2.3:a:triton_project:triton:*:*:*:*:*:*:*:*
Other CWE-419 vulnerabilities
- CVE-2024-50588 — Critical (CVSS 9.8): An unauthenticated attacker with access to the local network of the medical office can use known default credentials…
- CVE-2024-2414 — High (CVSS 8.8): The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has…
- CVE-2025-24030 — High (CVSS 7.1): Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application…
- CVE-2022-33932 — Medium (CVSS 5.3): Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an…
- CVE-2024-39886 — Low (CVSS 3.7): TONE store App version 3.4.2 and earlier contains an issue with unprotected primary channel. Since TONE store App…