CVE-2021-21431
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:H/A:H
Exploitability: 1.7 / Impact: 5.8
Source: NVD
Description
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and following RfCs, We have no POC for that. Freenode is not affected. This is fixed in version 2.0.1. As a workaround, do not use this plugin on networks where TARGMAX > 1.
Affected (1)
Products: Mirahezebots: Channelmgnt
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 2.0.1 |
Related CWEs
CWE-20
Improper Input Validation
The product receives input or data, but it does
not validate or incorrectly validates that the input has the
properties that are required to process the data safely and
correctly.
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
References (6)
Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
Third Party Advisory
Source: security-advisories@github.com
ProductThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ProductThird Party Advisory
Timeline
No history available yet.