CVELIST:CVE-2022-39302 (cvelist, GitHub_M)
Oct 13, 2022 - 12:00 a.m.

CVE-2022-39302 Ree6 may bypass webhook protection

2022-10-13 00:00:00
CWE-863
GitHub_M
www.cve.org
Tags: cve-2022-39302, ree6, webhook protection, vulnerability, raid protection, log messages, mass advertisements, patch 1.9.9, workarounds

CVSS3: 5.5 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

EPSS: 0.001 Low
Percentile: 19.5%

Ree6 is a moderation bot. This vulnerability would allow owners of other servers to create configurations, such as “Better-Audit-Logging”, that contain a channel from another server as a target. They could then send log messages to another Guild's channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

CNA Affected

[
  {
    "vendor": "Ree6-Applications",
    "product": "Ree6",
    "versions": [
      {
        "version": "< 1.9.9",
        "status": "affected"
      }
    ]
  }
]

