CVE-2019-12395

In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt