CVE-2024-26136

EPSS 0.27%
Veröffentlicht 20.02.2024 22:15:08
Zuletzt bearbeitet 05.02.2025 22:35:04
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openjsf ≫ Electroncord SwPlatformdiscord Version < 2024-02-19

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.27%	0.503

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041

Patch

https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-26136

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-26136

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-26136

EUVD