CVE-2024-21663 - OpenCVE

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Demon1a	Discord-recon

Configuration 1 [-]

OR	cpe:2.3:a:demon1a:discord-recon::::::discord::*
	cpe:2.3:a:demon1a:discord-recon:0.0.8:beta::::discord::*

References

Link	Resource
https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a	Patch
https://github.com/DEMON1A/Discord-Recon/issues/23	Exploit Issue Tracking Third Party Advisory
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7	Exploit Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-08T23:57:54.897Z

Updated: 2024-01-08T23:57:54.897Z

Reserved: 2023-12-29T16:10:20.367Z

Link: CVE-2024-21663

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-01-09T00:15:44.790

Modified: 2024-01-12T15:22:42.607

Link: CVE-2024-21663

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-21663", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T16:10:20.367Z", "datePublished": "2024-01-08T23:57:54.897Z", "dateUpdated": "2024-01-08T23:57:54.897Z"}, "containers": {"cna": {"title": "Remote code execution on ReconServer due to improper input sanitization on the prips command", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7"}, {"name": "https://github.com/DEMON1A/Discord-Recon/issues/23", "tags": ["x_refsource_MISC"], "url": "https://github.com/DEMON1A/Discord-Recon/issues/23"}, {"name": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "tags": ["x_refsource_MISC"], "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a"}], "affected": [{"vendor": "DEMON1A", "product": "Discord-Recon", "versions": [{"version": "< 0.0.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-08T23:57:54.897Z"}, "descriptions": [{"lang": "en", "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"}], "source": {"advisory": "GHSA-fjcj-g7x8-4rp7", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:demon1a:discord-recon:*:*:*:*:*:discord:*:*", "matchCriteriaId": "C89EDC32-6EF6-4868-A4A5-911E552F82B8", "versionEndExcluding": "0.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:demon1a:discord-recon:0.0.8:beta:*:*:*:discord:*:*", "matchCriteriaId": "5EF620EA-979B-4367-903C-DC2BFAFCAD09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"}, {"lang": "es", "value": "Discord-Recon es un bot de Discord creado para automatizar el reconocimiento de errores, escaneos automatizados y recopilaci\u00f3n de informaci\u00f3n a trav\u00e9s de un servidor de Discord. Discord-Recon es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede ejecutar comandos de shell en el servidor sin tener una funci\u00f3n de administrador. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 0.0.8."}], "id": "CVE-2024-21663", "lastModified": "2024-01-12T15:22:42.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-09T00:15:44.790", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/DEMON1A/Discord-Recon/issues/23"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}