← Volver a CVEs

CVE-2024-21663

CRITICAL

9.9

Descripcion

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.

Detalles CVE

Puntuacion CVSS v3.19.9

SeveridadCRITICAL

Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vector de ataqueNETWORK

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado1/9/2024

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

demon1a:discord-recon

Debilidades (CWE)

CWE-20CWE-77

Referencias

https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a(security-advisories@github.com)

https://github.com/DEMON1A/Discord-Recon/issues/23(security-advisories@github.com)

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7(security-advisories@github.com)

https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/DEMON1A/Discord-Recon/issues/23(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.