CVE Vulnerability

CVE-2022-39302

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x Third Party Advisory
https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a Patch Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:ree6:ree6:*:*:*:*:*:*:*:*
Information

Published : 2022-10-14 12:15

Updated : 2022-10-17 02:47

NVD link : CVE-2022-39302

Mitre link : CVE-2022-39302

Products Affected
No products.
CWE
CWE-863