cve | GitHub_M | CVE-2024-31442
History: Apr 08, 2024 - 4:15 p.m.

CVE-2024-31442

2024-04-08 16:15:07
CWE-276
GitHub_M
web.nvd.nist.gov
redon hub
roblox
unauthorized access
admin commands
product delivery bot
security patch

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.1
Confidence: Low

EPSS: 0
Percentile: 9.0%

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands can be run by all users, including admin commands. This allows users to receive products for free and to delete, create, or update products, tags, etc. The only unaffected command is /products admin clear, as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.

Affected configurations

Vulners

Node: redon-tech redon_hub, Range: <1.0.2

Vendor | Product | Version | CPE
redon-tech | redon_hub | * | cpe:2.3:a:redon-tech:redon_hub:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Redon-Tech",
    "product": "Redon-Hub",
    "versions": [
      {
        "version": "< 1.0.2",
        "status": "affected"
      }
    ]
  }
]
