Incident Report

Two Minecraft users, usernames Averie & 1nstagram exploited an issue with LuckPerms to spoof a comment from another user to improperly elevate their own permissions and cause further damage to the server.

There are several channels all showcasing the same potential exploit.

Relevant to our case:

• https://www.youtube.com/@LuckPerms
• https://www.youtube.com/@NullCordX

Other channels:

• https://www.youtube.com/@SpigotRCE
• https://www.youtube.com/@MultiZen
• https://www.youtube.com/@ThunderGriefing
• https://www.youtube.com/@Tolvoth
• https://www.youtube.com/@MiSonoSegato
• https://www.youtube.com/@Insler
• https://www.youtube.com/@WriisT

Timeline (All times UTC)

GMT 21:12:31 (Aevrie)-

/glist

/discord

/discordsrv

GMT 21:13:06 (Aevrie)-

/cmi

/p

/pl

/about SignedVelocity

GMT 21:13:39 (Aevrie)-

/ban

GMT 21:14:05 (Aevrie)-

/bal

/baltop

GMT 21:15:01 (Aevrie)-

/server

/baltop

/pay

/bal

/spawn