Lucene search

GitHub_MCVELIST:CVE-2021-29466

HistoryApr 22, 2021 - 12:35 a.m.

CVE-2021-29466 Path Traversal at Discord-Recon .recon Command Path

2021-04-2200:35:13

CWE-24

GitHub_M

www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

74.7%

JSON

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace('..', '') into the Path variable inside of the recon function. The vulnerability is patched in version 0.0.4.

CNA Affected

[
  {
    "product": "Discord-Recon",
    "vendor": "DEMON1A",
    "versions": [
      {
        "status": "affected",
        "version": "<= 0.0.3"
      }
    ]
  }
]

References

github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVELIST:CVE-2021-29466