Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthorized privilege escalation in Mod module
Vulnerability Description
Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod or, disabling the massban command with command disable global massban can render this exploit not accessible. We still highly recommend updating to 3.4.1 to completely patch this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
Red Discord Bot 安全漏洞
Vulnerability Description
Red Discord Bot是个人开发者的一个 Python 编写的模块化机器人。该机器人软件可根据不同的模块配置完成不同的功能。 Red Discord Bot 3.4.1之前版本存在安全漏洞,该漏洞源于Mod模块中有一个未授权的特权升级漏洞。当应用程序处于超出该用户控制的特定条件时,该漏洞允许公会中具有高特权级别的不一致用户绕过层次结构检查。通过滥用这个漏洞,有可能在用户拥有高特权的行会内执行破坏性的行为。
CVSS Information
N/A
Vulnerability Type
N/A