{ "expand": "operations,versionedRepresentations,editmeta,changelog,renderedFields", "id": "496235", "self": "https://bugs.mojang.com/rest/api/2/issue/496235", "key": "BDS-16774", "fields": { "issuetype": "1", "project": "11700", "fixVersions": [], "resolution": "10001", "customfield_10500": { "self": "https://bugs.mojang.com/rest/api/2/customFieldOption/10301", "value": "Plausible", "id": "10301", "disabled": false }, "customfield_12800": null, "customfield_12602": [], "customfield_12601": null, "customfield_12604": null, "customfield_12603": null, "customfield_12606": null, "customfield_12605": null, "customfield_12608": null, "resolutiondate": "2024-01-03T19:26:02.000+0200", "customfield_12607": null, "customfield_12609": null, "workratio": -1, "lastViewed": null, "watches": { "self": "https://bugs.mojang.com/rest/api/2/issue/BDS-16774/watchers", "watchCount": 2, "isWatching": false }, "created": "2022-03-03T08:50:07.000+0200", "customfield_12000": null, "customfield_12201": null, "customfield_12600": null, "labels": [], "customfield_11700": "{}", "versions": [ "20641", "21176", "21227", "21245", "21423", "21442", "21448", "21481", "21502" ], "issuelinks": [ { "id": "287641", "self": "https://bugs.mojang.com/rest/api/2/issueLink/287641", "type": "10103", "inwardIssue": "541067" }, { "id": "275556", "self": "https://bugs.mojang.com/rest/api/2/issueLink/275556", "type": "10103", "inwardIssue": "497635" } ], "assignee": null, "updated": "2024-01-04T18:55:21.000+0200", "status": "5", "description": "I've marked this as private because I'm not sure how publically known this is, and is a serious security flaw in BDS.\r\n\r\nWhen connected to a server which is locked down with a whitelist, as long as the first account joining the server is whitelisted, anyone else on the console can join via split screen.\r\n\r\nSteps to reproduce:\r\n # Create a local BDS instance on your home network. Enable whitelist\r\n # Whitelist 1 account\r\n # Login to whitelisted account on xbox/playstation\r\n # connect to server\r\n # activate split screen mode using a non-whitelisted account\r\n\r\nExpected result:\r\n\r\nConsole should show error that non-whitelisted account cannot join the server.\r\n\r\nActual result:\r\n\r\nNon-whitelisted account can play on the server. There is no console log of the second account joining the server, but it does show the second account leaving.", "customfield_11100": 0.0, "customfield_11300": null, "customfield_11500": "416166", "customfield_12503": null, "customfield_12700": null, "customfield_12502": null, "security": { "self": "https://bugs.mojang.com/rest/api/2/securitylevel/10318", "id": "10318", "description": "Private, viewable only by volunteers and up.", "name": "Minecraft - Private" }, "customfield_12504": null, "attachment": [ "504298" ], "summary": "Split screen allows non-whitelisted players to join", "creator": "rayth", "reporter": "rayth", "customfield_10002": null, "customfield_12501": null, "customfield_12500": null, "customfield_11601": null, "customfield_11600": "0|i2731b:", "environment": "Xbox, Playstation", "customfield_11801": null, "customfield_11800": null, "customfield_11602": null, "customfield_11802": null, "comment": { "comments": [ { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1182313", "id": "1182313", "author": "JIRAUSER648376", "body": "Hi\r\n\r\nDoes this issue still occur after updating to 1.19.10?\u00a0\r\n\r\nThis ticket will automatically reopen when you reply.\u00a0", "updateAuthor": "JIRAUSER648376", "created": "2022-07-14T12:45:25.182+0300", "updated": "2022-07-14T12:45:25.182+0300" }, { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1191656", "id": "1191656", "author": "rayth", "body": "Can confirm this is still happening in 1.19.20 as per this screenshot of my console. Brand new server, only whitelisted myself. You can see me connecting and then I split screen the second account in which you can see disconnect but not join !bds-bug.png|thumbnail!", "updateAuthor": "arisabot", "created": "2022-08-11T14:49:03.331+0300", "updated": "2022-08-11T14:49:09.086+0300" }, { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1198723", "id": "1198723", "author": "JIRAUSER648376", "body": "Hi\r\n\r\nIt can be reproduced every time? Does it occur on 1.19.22?\r\n\r\nThis ticket will automatically reopen when you reply. ", "updateAuthor": "JIRAUSER648376", "created": "2022-09-08T12:39:45.802+0300", "updated": "2022-09-15T12:06:05.305+0300" }, { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1199885", "id": "1199885", "author": "rayth", "body": "Can confirm it is still present in 1.19.22 exact same steps. I even attempted to join via console on the account that wasn't on the allowlist, got \"You are not invited to play on this server\" as expected, but then joined with the account that is on the allowlist, and the not allowed account could then split screen. This is a console specific bug where xbox or playstation players can bypass an allowlist to join servers.\u00a0\r\n\r\nI do realise joining 3rd party non-networked servers via console isn't officially supported, but everyone knows there are ways to do so and this just forms a massive security risk for griefers and trolls", "updateAuthor": "rayth", "created": "2022-09-14T15:56:30.729+0300", "updated": "2022-09-14T15:56:30.729+0300" }, { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1251392", "id": "1251392", "author": "rayth", "body": "Updated to include latest release. Still happens, however console logging can now show these players joining with the \"X spawned\" line that's now appearing.\u00a0", "updateAuthor": "rayth", "created": "2023-04-19T17:44:02.180+0300", "updated": "2023-04-19T17:44:02.180+0300" }, { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1255599", "id": "1255599", "author": "JIRAUSER648376", "body": "Hi\r\n\r\nCan you upload screenshot of console log with new information?\r\n\r\nThis issue will automatically reopen when you reply. ", "updateAuthor": "JIRAUSER648376", "created": "2023-05-08T16:27:11.406+0300", "updated": "2023-05-08T16:27:11.406+0300" }, { "self": "https://bugs.mojang.com/rest/api/2/issue/496235/comment/1298294", "id": "1298294", "author": "greymagic27", "body": "Is this still an issue in the latest release?", "updateAuthor": "greymagic27", "created": "2024-01-04T18:55:21.780+0200", "updated": "2024-01-04T18:55:21.780+0200" } ], "maxResults": 7, "total": 7, "startAt": 0 }, "votes": { "self": "https://bugs.mojang.com/rest/api/2/issue/BDS-16774/votes", "votes": 0, "hasVoted": false } }, "changelog": { "startAt": 0, "maxResults": 20, "total": 20, "histories": [ { "id": "2630233", "author": "JIRAUSER648376", "created": "2022-07-14T12:45:25.187+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": null, "fromString": null, "to": "10001", "toString": "Awaiting Response" }, { "field": "status", "fieldtype": "jira", "from": "1", "fromString": "Open", "to": "5", "toString": "Resolved" } ] }, { "id": "2651571", "author": "rayth", "created": "2022-08-11T14:48:21.396+0300", "items": [ { "field": "Attachment", "fieldtype": "jira", "from": null, "fromString": null, "to": "504298", "toString": "bds-bug.png" } ] }, { "id": "2651572", "author": "arisabot", "created": "2022-08-11T14:48:25.781+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": "10001", "fromString": "Awaiting Response", "to": null, "toString": null }, { "field": "status", "fieldtype": "jira", "from": "5", "fromString": "Resolved", "to": "4", "toString": "Reopened" } ] }, { "id": "2666266", "author": "JIRAUSER648376", "created": "2022-09-08T12:39:45.807+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": null, "fromString": null, "to": "10001", "toString": "Awaiting Response" }, { "field": "status", "fieldtype": "jira", "from": "4", "fromString": "Reopened", "to": "5", "toString": "Resolved" } ] }, { "id": "2668476", "author": "arisabot", "created": "2022-09-14T15:56:32.808+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": "10001", "fromString": "Awaiting Response", "to": null, "toString": null }, { "field": "status", "fieldtype": "jira", "from": "5", "fromString": "Resolved", "to": "4", "toString": "Reopened" } ] }, { "id": "2684474", "author": "goldenhelmet", "created": "2022-10-24T02:11:19.119+0300", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21176", "toString": "1.19.31 Hotfix" } ] }, { "id": "2684475", "author": "goldenhelmet", "created": "2022-10-24T02:11:54.298+0300", "items": [ { "field": "Confirmation Status", "fieldtype": "custom", "from": "10300", "fromString": "Unconfirmed", "to": "10301", "toString": "Plausible" }, { "field": "status", "fieldtype": "jira", "from": "4", "fromString": "Reopened", "to": "4", "toString": "Reopened" } ] }, { "id": "2684750", "author": "goldenhelmet", "created": "2022-10-24T17:57:17.699+0300", "items": [ { "field": "Link", "fieldtype": "jira", "from": null, "fromString": null, "to": "REALMS-10097", "toString": "This issue relates to REALMS-10097" } ] }, { "id": "2695757", "author": "rayth", "created": "2022-11-11T02:06:47.811+0200", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21227", "toString": "1.19.41" } ] }, { "id": "2695763", "author": "rayth", "created": "2022-11-11T02:29:33.226+0200", "items": [ { "field": "environment", "fieldtype": "jira", "from": null, "fromString": null, "to": null, "toString": "Xbox, Playstation" } ] }, { "id": "2704946", "author": "rayth", "created": "2022-12-01T04:23:17.407+0200", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21245", "toString": "1.19.50" } ] }, { "id": "2787753", "author": "rayth", "created": "2023-04-19T17:43:33.203+0300", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21423", "toString": "1.19.73" } ] }, { "id": "2798676", "author": "JIRAUSER648376", "created": "2023-05-08T16:27:11.411+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": null, "fromString": null, "to": "10001", "toString": "Awaiting Response" }, { "field": "status", "fieldtype": "jira", "from": "4", "fromString": "Reopened", "to": "5", "toString": "Resolved" } ] }, { "id": "2808619", "author": "rayth", "created": "2023-05-24T10:32:23.926+0300", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21481", "toString": "1.19.83 Hotfix" }, { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21448", "toString": "1.19.81 Hotfix" }, { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21442", "toString": "1.19.80" } ] }, { "id": "2808620", "author": "arisabot", "created": "2023-05-24T10:32:32.615+0300", "items": [ { "field": "resolution", "fieldtype": "jira", "from": "10001", "fromString": "Awaiting Response", "to": null, "toString": null }, { "field": "status", "fieldtype": "jira", "from": "5", "fromString": "Resolved", "to": "4", "toString": "Reopened" } ] }, { "id": "2819350", "author": "rayth", "created": "2023-06-11T01:10:15.013+0300", "items": [ { "field": "Version", "fieldtype": "jira", "from": null, "fromString": null, "to": "21502", "toString": "1.20.0" } ] }, { "id": "2851955", "author": "goldenhelmet", "created": "2023-08-16T00:18:34.915+0300", "items": [ { "field": "Link", "fieldtype": "jira", "from": null, "fromString": null, "to": "MCPE-174284", "toString": "This issue relates to MCPE-174284" } ] }, { "id": "2855525", "author": "mega_spud", "created": "2023-08-22T17:05:36.799+0300", "items": [ { "field": "ADO", "fieldtype": "custom", "from": null, "fromString": null, "to": null, "toString": "416166" }, { "field": "status", "fieldtype": "jira", "from": "4", "fromString": "Reopened", "to": "4", "toString": "Reopened" } ] }, { "id": "2919262", "author": "greymagic27", "created": "2024-01-03T19:26:02.311+0200", "items": [ { "field": "resolution", "fieldtype": "jira", "from": null, "fromString": null, "to": "10001", "toString": "Awaiting Response" }, { "field": "status", "fieldtype": "jira", "from": "4", "fromString": "Reopened", "to": "5", "toString": "Resolved" } ] }, { "id": "2919518", "author": "greymagic27", "created": "2024-01-04T18:55:19.869+0200", "items": [ { "field": "Comment", "fieldtype": "jira", "from": "Is this still an issue in the latest release?", "fromString": null, "to": null, "toString": null } ] } ] } }