8.8
CVE-2022-23604
- EPSS 1.11%
- Veröffentlicht 15.02.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:48:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginPrivilege escalation in Defender
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
X26-cogs Project ≫ X26-cogs Version < 1.10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.11% | 0.617 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| security-advisories@github.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
https://github.com/Twentysix26/x26-Cogs/commit/72dd9323cb4c90f3a5accac7087605375d178246
https://github.com/Twentysix26/x26-Cogs/releases/tag/v1.10
https://github.com/Twentysix26/x26-Cogs/security/advisories/GHSA-cfh8-v56j-5757