Lucene search

[email protected]NVD:CVE-2024-31442

HistoryApr 08, 2024 - 4:15 p.m.

CVE-2024-31442

2024-04-0816:15:07

CWE-276

[email protected]

web.nvd.nist.gov

redon hub

roblox product delivery

unauthorized access

admin commands

free products

data manipulation

patch needed

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is /products admin clear as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.

References

github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd

github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-31442

osv1 cvelist1 vulnrichment1 cve1