CVE-2022-21669

EPSS 0.28%
Veröffentlicht 11.01.2022 15:15:08
Zuletzt bearbeitet 21.11.2024 06:45:11
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puddingbot Project ≫ Puddingbot Version <= 0.0.6-b933652

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.51

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://github.com/PuddingBot/pudding-bot/commit/a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f

Patch

https://github.com/PuddingBot/pudding-bot/security/advisories/GHSA-cxgr-xpmj-9qjm

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-21669

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-21669

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-21669

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-21669