CVE-2021-29502

Опубликовано: 10 мая 2021

Источник: nvd

CVSS3: 7.3

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

WarnSystem is a cog (plugin) for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible informations by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type !warnsysteminfo to check that their version is 1.3.18 or above. As a workaround users may unload the WarnSystem cog or disable the !warnset description command globally.

Ссылки

https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8
Patch
Third Party Advisory
https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq
Mitigation
Patch
Third Party Advisory
https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad0baef3b4ec8
Patch
Third Party Advisory
https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m9wq
Mitigation
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:warnsystem_project:warnsystem:*:*:*:*:*:*:*:*

Версия до 1.3.18 (исключая)

EPSS

Процентиль: 53%

0.00306

Низкий

7.3 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-74

CWE-94

EPSS

Процентиль: 53%

0.00306

Низкий

7.3 High

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-74

CWE-94