cvelist | GitHub_M | CVELIST:CVE-2021-29501
May 10, 2021 - 4:30 p.m.

CVE-2021-29501 Remote code execution in ticketer

2021-05-10 16:30:11
CWE-74
GitHub_M
www.cve.org
cve-2021-29501
ticketer
remote code execution
discord bot
sensitive information
upgrade
version 1.0.1
workaround

CVSS3: 8.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score: 8.2
Confidence: High

EPSS: 0.001
Percentile: 38.5%

Ticketer is a command-based ticket system cog (plugin) for the Red Discord bot. A vulnerability allowing Discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround, users may unload the Ticketer cog to disable the exploitable code.

CNA Affected

[
  {
    "product": "Dav-Cogs",
    "vendor": "Dav-Git",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0.1"
      }
    ]
  }
]
