← Zuruck zu CVEs

CVE-2024-21663

CRITICAL

9.9

Beschreibung

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.

CVE Details

CVSS v3.1 Bewertung9.9

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienLOW

BenutzerinteraktionNONE

Veroffentlicht1/9/2024

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

demon1a:discord-recon

Schwachen (CWE)

CWE-20CWE-77

Referenzen

https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a(security-advisories@github.com)

https://github.com/DEMON1A/Discord-Recon/issues/23(security-advisories@github.com)

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7(security-advisories@github.com)

https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/DEMON1A/Discord-Recon/issues/23(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.