Lucene search

GitHub_MCVELIST:CVE-2020-15172

HistorySep 15, 2020 - 6:45 p.m.

CVE-2020-15172 Remote Code Execution in Act module

2020-09-1518:45:13

CWE-502

GitHub_M

www.cve.org

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with unload act can render this exploit inaccessible.

CNA Affected

[
  {
    "product": "FluffyCogs",
    "vendor": "zephyrkul",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.0.38"
      }
    ]
  }
]

References

github.com/zephyrkul/FluffyCogs/commit/6b9f3b862e1f0a5429c62f3090f814e53a242347

github.com/zephyrkul/FluffyCogs/security/advisories/GHSA-rm7m-j4xp-rv2p

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

8.9 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVELIST:CVE-2020-15172