Skip to content

Teleport permission bypass exploit when teleport delay is enabled #5237

New issue
New issue
Open
Open
Teleport permission bypass exploit when teleport delay is enabled#5237
Labels
bug: unconfirmedPotential bugs that need replicating to verify.
@TauCu

Description

@TauCu
TauCu
opened on Jan 30, 2023

Type of bug

Exploit

/ess dump all output

https://essentialsx.net/dump.html?id=79531bc78a7e49a7ad5c9ba178b7d9e2

Error log (if applicable)

No response

Bug description

Players can bypass the "tpaccept" permission check when teleport delay is enabled.
This can be done by an exploiter getting the target to /tpa to them, then, the exploiter starts a teleport timer to a location where they do not have "tpaccept" and then typing /tpaccept before that timer finishes.
This will cause the first timer to teleport the exploiter to the location where they do not have "tpaccept" and then the timer for the target player will finish, resulting in the target teleporting to the exploiters location.

Steps to reproduce

  1. Set teleport delay to ~3 seconds.
  2. Have player1 tpa to player2
  3. Have player1 start teleporting to a location where player1 couldn't /tpaccept
  4. Have player1 /tpaccept before the teleport timer finishes

Observe that once all timers finish player2 ends up in the same location as player1, despite player1 not having permission to /tpaccept in that location

Expected behaviour

player2 to get the message "Error: player1 cannot accept teleportation requests" and for player2 to remain where they are.

Actual behaviour

player2 is teleported to player1 at the location where player1 doesn't have the "tpaccept" permission

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug: unconfirmedPotential bugs that need replicating to verify.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions