Vulnerability Description
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cogboard | Red Discord Bot | < 3.3.11 |
Related Weaknesses (CWE)
References
- https://github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2bPatchThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849Third Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/pull/4175/commits/9ab536235bafc2bPatchThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-55j9-849Third Party Advisory
FAQ
What is CVE-2020-15140?
CVE-2020-15140 is a vulnerability with a CVSS score of 8.2 (HIGH). In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia m...
How severe is CVE-2020-15140?
CVE-2020-15140 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15140?
Check the references section above for vendor advisories and patch information. Affected products include: Cogboard Red Discord Bot.