Lucene search

GitHub_MCVELIST:CVE-2020-15147

HistoryAug 21, 2020 - 5:15 p.m.

CVE-2020-15147 Remote Code Execution in Red Discord Bot

2020-08-2117:15:16

CWE-94

GitHub_M

www.cve.org

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted “going live” messages to inject code into the Streams module’s going live message. By abusing this exploit, it’s possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with unload streams can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.

CNA Affected

[
  {
    "product": "Red-DiscordBot",
    "vendor": "Cog-Creators",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.3.12"
      }
    ]
  }
]

References

github.com/Cog-Creators/Red-DiscordBot/pull/4183

github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc88417163c18431b1df38a9be92bfc

github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vg-qf6x

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.7%

JSON

Related for CVELIST:CVE-2020-15147