Lucene search

GitHub_MCVELIST:CVE-2021-29493

HistoryMay 06, 2021 - 7:35 p.m.

CVE-2021-29493 Kennnyshiwa-cogs vulnerable to Remote Code Execution in Tickets Module

2021-05-0619:35:11

CWE-94

GitHub_M

www.cve.org

kennnyshiwa-cogs

rce

tickets module

discord

upgrade

patch

exploit

discordbot

sensitive information

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.

CNA Affected

[
  {
    "vendor": "kennnyshiwa",
    "product": "kennnyshiwa-cogs",
    "versions": [
      {
        "version": "< 5a84d60018468e5c0346f7ee74b2b4650a6dade7",
        "status": "affected"
      }
    ]
  }
]

References

github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7

github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

38.8%

JSON

Related for CVELIST:CVE-2021-29493