Vulnerability Details : CVE-2022-23604
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround.
Products affected by CVE-2022-23604
- cpe:2.3:a:x26-cogs_project:x26-cogs:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23604
0.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~53%
Percentile: the proportion of vulnerabilities that are scored at or below this EPSS score
CVSS scores for CVE-2022-23604
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P | 8.0 | 6.4 | NIST | |
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 | GitHub, Inc. | |
CWE ids for CVE-2022-23604
- The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. Assigned by: security-advisories@github.com (Secondary)
References for CVE-2022-23604
- https://github.com/Twentysix26/x26-Cogs/releases/tag/v1.10
  Release v1.10 · Twentysix26/x26-Cogs · GitHub (Release Notes; Third Party Advisory)
- https://github.com/Twentysix26/x26-Cogs/commit/72dd9323cb4c90f3a5accac7087605375d178246
  [Defender] WD: Ensure issuer of issue-command can view the channel · Twentysix26/x26-Cogs@72dd932 · GitHub (Patch; Third Party Advisory)
- https://github.com/Twentysix26/x26-Cogs/security/advisories/GHSA-cfh8-v56j-5757
  Privilege escalation in Defender · Advisory · Twentysix26/x26-Cogs · GitHub (Issue Tracking; Third Party Advisory)