CVE Vulnerability

CVE-2021-29465

Discord-Recon is a bot for the Discord chat service. Versions of Discord-Recon 0.0.3 and prior contain a vulnerability in which a remote attacker is able to overwrite any file on the system with the command results. This can result in remote code execution when the user overwrite important files on the system. As a workaround, bot maintainers can edit their `setting.py` file then add `` into the `RCE` variable inside of it to fix the issue without an update. The vulnerability is patched in version 0.0.4.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-6pp2-rpj3-jcjx Mitigation Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:discord:discord-recon:*:*:*:*:*:*:*:*
Information

Published : 2021-04-22 01:15

Updated : 2022-10-18 08:49

NVD link : CVE-2021-29465

Mitre link : CVE-2021-29465

Products Affected
No products.
CWE
CWE-78