Vulnerability Description
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cogboard | Red Discord Bot | <= 3.3.11 |
Related Weaknesses (CWE)
References
- https://github.com/Cog-Creators/Red-DiscordBot/pull/4183PatchThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc8841PatchThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/pull/4183PatchThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/pull/4183/commits/e269ea0d3bc8841PatchThird Party Advisory
- https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-7257-96vThird Party Advisory
FAQ
What is CVE-2020-15147?
CVE-2020-15147 is a vulnerability with a CVSS score of 8.5 (HIGH). Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inj...
How severe is CVE-2020-15147?
CVE-2020-15147 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15147?
Check the references section above for vendor advisories and patch information. Affected products include: Cogboard Red Discord Bot.