Sponge Security Question

Hello, I recently pre-launched my Sponge server and a user without permission to use the /sponge plugins command was able to see what plugins were installed on the server. I don’'t understand how that was able to occur. Anyone have any ideas to how this might have happened? Thank you for your time.

Permission plugin?

The permission plugin I use is LuckPerms, version 3.3.34 to be exact, and the spongeForge version was 1.10.2-2477-5.2.0-BETA-2637.

Have you tried checking the logs for commands from that player?

I have, but no commands were logged on the default logger. The user asked if I had “dedicated or singlehop” right before he figured some of the plugins out. Not sure if that would help.