8 matches found
CVE-2023-32687
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
CVE-2023-33198
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...
Command injection
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...
CVE-2023-33198 Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...
CVE-2023-33198 Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the...
CVE-2023-32687 Insufficiently Protected ChatBot Credentials in tgstation-server
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connection strings without the associated permission. This issue is patched in version 5.12.1. As a workaround,...
Cross-Site Request Forgery (CSRF) in hdinnovations/unit3d-community-edition
Description: CSRF allows enable/disable bots. CSRF allows flush chatbox. Proof of Concept: After logging in to unit3d.site, access this link: https://unit3d.site/dashboard/chat/bots/2/disable, https://unit3d.site/dashboard/chat/bots/2/enable. See that the chat bot is disabled/enabled correspondingly...
Chat Bots Are Trying to Fake You Out
Web robots, commonly referred to as “bots,” are software programs written to do automated tasks, like crawling the Web looking for new sites. They also appear in chat rooms and instant messaging services masquerading as real people. Read the full article. cnet...