cvelist | GitHub_M | CVELIST:CVE-2021-32632
History: May 20, 2021 - 4:10 p.m.

CVE-2021-32632 CSRF allowing modification of commands, modules, banphrases through hidden iFrames

2021-05-20 16:10:11
CWE-352
GitHub_M
www.cve.org
pajbot
csrf
vulnerability
version 1.52
twitch
bot
patch
upgrade
stable
workaround
iframes

CVSS3: 2.4

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

AI Score: 5
Confidence: High

EPSS: 0.001
Percentile: 43.6%

Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to v1.52 or stable to install the patch or, as a workaround, can add one modern dependency.

CNA Affected

[
  {
    "product": "pajbot",
    "vendor": "pajbot",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.52"
      }
    ]
  }
]
