Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Redon-Hub has incorrect permissions on all admin related commands
Vulnerability Description
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
缺省权限不正确
Vulnerability Title
Redon Hub 安全漏洞
Vulnerability Description
Redon Hub是Redon Tech开源的一个产品交付系统。 Redon Hub 1.0.2之前版本存在安全漏洞,该漏洞源于权限配置不当,导致所有用户都可以运行与管理员相关的命令。
CVSS Information
N/A
Vulnerability Type
N/A