Vulnerability Description
x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| X26-Cogs Project | X26-Cogs | < 1.10.0 |
Related Weaknesses (CWE)
References
- https://github.com/Twentysix26/x26-Cogs/commit/72dd9323cb4c90f3a5accac7087605375PatchThird Party Advisory
- https://github.com/Twentysix26/x26-Cogs/releases/tag/v1.10Release NotesThird Party Advisory
- https://github.com/Twentysix26/x26-Cogs/security/advisories/GHSA-cfh8-v56j-5757Issue TrackingThird Party Advisory
- https://github.com/Twentysix26/x26-Cogs/commit/72dd9323cb4c90f3a5accac7087605375PatchThird Party Advisory
- https://github.com/Twentysix26/x26-Cogs/releases/tag/v1.10Release NotesThird Party Advisory
- https://github.com/Twentysix26/x26-Cogs/security/advisories/GHSA-cfh8-v56j-5757Issue TrackingThird Party Advisory
FAQ
What is CVE-2022-23604?
CVE-2022-23604 is a vulnerability with a CVSS score of 8.8 (HIGH). x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to ver...
How severe is CVE-2022-23604?
CVE-2022-23604 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23604?
Check the references section above for vendor advisories and patch information. Affected products include: X26-Cogs Project X26-Cogs.