CVE-2024-31442

Published: Apr 8, 2024Modified: Jan 7, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: security-advisories@github.com (Secondary)

Description

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.

Affected (1)

Products: Redon: Roblox Purchasing Hub

1 product

Roblox Purchasing Hub

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redon Roblox Purchasing Hub	Before 1.0.2

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (4)

https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd

Source: security-advisories@github.com

Patch

https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26

Source: security-advisories@github.com

Vendor Advisory

https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.