Vulnerability Description
WarnSystem is a cog (plugin) for the Red Discord bot. A vulnerability in the code allows any user to access sensitive information by setting up a specific template that is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type `!warnsysteminfo` to check that their version is 1.3.18 or above. As a workaround, users may unload the WarnSystem cog or disable the `!warnset description` command globally.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Warnsystem Project | Warnsystem | < 1.3.18 |
Related Weaknesses (CWE)
References
- https://github.com/retke/Laggrons-Dumb-Cogs/commit/c79dd2cc879989cf2018e76ba2aad (Patch, Third Party Advisory)
- https://github.com/retke/Laggrons-Dumb-Cogs/security/advisories/GHSA-834g-67vv-m (Mitigation, Patch, Third Party Advisory)
FAQ
What is CVE-2021-29502?
CVE-2021-29502 is a vulnerability with a CVSS score of 7.3 (HIGH). WarnSystem is a cog (plugin) for the Red Discord bot. A vulnerability has been found in the code that allows any user to access sensitive information by setting up a specific template which is not pro...
How severe is CVE-2021-29502?
CVE-2021-29502 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-29502?
Check the references section above for vendor advisories and patch information. Affected products include: Warnsystem Project Warnsystem.