Red Discord Bot Dashboard is an easy-to-use interactive web dashboard to control your Redbot. In Red Discord Bot before version 0.1.7a an RCE exploit has been discovered. This exploit allows Discord users with specially crafted Server names and Usernames/Nicknames to inject code into the webserver front-end code. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This high severity exploit has been fixed on version 0.1.7a. There are no workarounds, bot owners must upgrade their relevant packages (Dashboard module and Dashboard webserver) in order to patch this issue.
References
Link | Resource |
---|---|
https://github.com/Cog-Creators/Red-Dashboard/commit/99d88b840674674166ce005b784ae8e31e955ab1 | Patch Third Party Advisory |
https://github.com/Cog-Creators/Red-Dashboard/commit/a6b9785338003ec87fb75305e7d1cc2d40c7ab91 | Patch Third Party Advisory |
https://github.com/Cog-Creators/Red-Dashboard/security/advisories/GHSA-hm45-mgqm-gjm4 | Patch Third Party Advisory |
https://pypi.org/project/Red-Dashboard | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-12-08T23:55:14
Updated: 2020-12-08T23:55:14
Reserved: 2020-10-01T00:00:00
Link: CVE-2020-26249
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-09T00:15:13.157
Modified: 2020-12-10T20:15:02.223
Link: CVE-2020-26249
JSON object: View
Redhat Information
No data.
CWE