CVE-2022-39302

Published: Oct 14, 2022Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

Affected (1)

Products: Ree6: Ree6

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ree6 Ree6	Before 1.9.9

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x

Source: security-advisories@github.com

Third Party Advisory

https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.