Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation in Defender
Vulnerability Description
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
x26-Cogs 安全漏洞
Vulnerability Description
X26-Cogs是Twentysix个人开发者的一种 Red V3 通用齿轮。 x26-Cogs存在安全漏洞,该漏洞允许具有管理员权限的用户像共享同一服务器的其他用户一样发出命令。如果机器人所有者与攻击者可利用该漏洞共享同一个服务器,攻击者可利用该漏洞可能会发出限制机器人所有者的命令。该问题已在1.10.0版本中修复。一个人可以卸下防御者的齿轮作为一个工作区。
CVSS Information
N/A
Vulnerability Type
N/A