78 matches found

RedhatCVE
added 2026/01/09 9:3 a.m. | 3 views

CVE-2024-39905

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

5.3 CVSS | 7.1 AI score | 0.00292 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0162

Malware in sbrugna...

8.7 CVSS | 8.5 AI score | 0.00414 EPSS
Exploits 0 | References 7

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-24191

Malware in sbrugna...

7.1 CVSS | 6.5 AI score | 0.00218 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-7242

Malware in sbrugna...

8.8 CVSS | 8.6 AI score | 0.00396 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2021-24192

Malware in sbrugna...

7.1 CVSS | 6.5 AI score | 0.0027 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0163

Malware in sbrugna...

9.6 CVSS | 9.1 AI score | 0.00281 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-0165

Malware in sbrugna...

7.7 CVSS | 7.4 AI score | 0.00261 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/05/22 7:36 p.m. | 6 views

CVE-2021-29502

WarnSystem is a cog plugin for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...

7.3 CVSS | 7.1 AI score | 0.00306 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 7:36 p.m. | 5 views

CVE-2021-29501

Ticketer is a command-based ticket system cog plugin for the Red Discord bot. A vulnerability allowing Discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disabl...

8.1 CVSS | 6.6 AI score | 0.0029 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/02/06 4:48 a.m. | 5 views

CVE-2021-37697

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific membership event message. Issue is patched in commit d63c49b4cfc30c795336e4fff08cba3795e0fcc0. As a...

7.1 CVSS | 6.5 AI score | 0.0027 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/02/06 4:44 a.m. | 5 views

CVE-2021-37696

tmerc-cogs are a collection of open source plugins for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by crafting a specific MassDM message. Issue is patched in commit 92325be650a6c17940cc52611797533ed95dbbe1. All users are...

7.1 CVSS | 6.5 AI score | 0.00218 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/02/05 2:59 p.m. | 7 views

CVE-2020-15140

In Red Discord Bot before version 3.3.11, an RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...

9.6 CVSS | 6.7 AI score | 0.00281 EPSS
Exploits 0

RedhatCVE
added 2025/02/05 2:58 p.m. | 4 views

CVE-2020-15278

Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By...

7.7 CVSS | 6.9 AI score | 0.00261 EPSS
Exploits 0

RedhatCVE
added 2025/02/05 2:52 p.m. | 8 views

CVE-2020-15147

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to...

8.5 CVSS | 7.3 AI score | 0.02356 EPSS
Exploits 0 | References 5

RedhatCVE
added 2025/02/05 2:48 p.m. | 7 views

CVE-2020-15172

The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerable to Remote Code Execution. With this exploit, Discord users can use specially crafted messages to perform destructive actions and/or access sensitive information. Unloading the Act module with unload act can render this exploi...

8.8 CVSS | 7.1 AI score | 0.00396 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/02/05 1:38 p.m. | 5 views

CVE-2020-26249

Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserve...

8.7 CVSS | 6.6 AI score | 0.00414 EPSS
Exploits 0

OSV
added 2024/07/11 3:43 p.m. | 18 views

CVE-2024-39905 Red-DiscordBot vulnerable to Incorrect Authorization in commands API

Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the @commands.can_manage_channel command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of t...

5.3 CVSS | 6.8 AI score | 0.00292 EPSS
Exploits 0 | References 5

CVE
added 2024/07/11 3:43 p.m. | 84 views

CVE-2024-39905

The CVE-2024-39905 issue affects Red-DiscordBot caused by a bug in Red’s Core API: 3rd-party cogs using the can_manage_channel permission check may allow a user to run a command without channel management rights. Core commands/cogs are not affected. The vulnerability was patched in version 3.5.10...

5.3 CVSS | 5.4 AI score | 0.00292 EPSS
Exploits 0 | References 3

CNNVD
added 2024/07/11 12:0 a.m. | 2 views

Red Discord Bot Security Vulnerability

Red Discord Bot is a modular bot written in Python by an individual developer. The bot software can be configured to perform different functions based on different modules. A security vulnerability exists in Red Discord Bot versions prior to 3.5.10, which stems from an error in the core API that...

5.3 CVSS | 6.9 AI score | 0.00292 EPSS
Exploits 0 | References 4

GitHub Security Blog
added 2022/05/24 5:32 p.m. | 11 views

Duplicate Advisory: Unauthorized privilege escalation in Mod module

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-mp9m-g7qj-6vqr. This link is maintained to preserve external references. Original Description: Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit...

7.7 CVSS | 7.3 AI score | 0.00261 EPSS
Exploits 0 | References 5 | Affected Software 1