GitHub_MCVELIST:CVE-2020-15140CVE-2020-15140 Remote Code Execution in Red Discord Bot
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.1%
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module’s leaderboard command. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.
CNA Affected
[
{
"product": "Red-DiscordBot",
"vendor": "Cog-Creators",
"versions": [
{
"status": "affected",
"version": "< 3.3.11"
}
]
}
]Related
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.1%