CVE-2021-29461

{"id": "CVE-2021-29461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-04-20T20:15:08.270", "references": [{"url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83x", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83x", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}], "descriptions": [{"lang": "en", "value": "Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch."}, {"lang": "es", "value": "Discord Recon Server es un bot que permite hacer el proceso de reconocimiento desde el propio Discord. Una vulnerabilidad en Discord Recon Server anterior a la versi\u00f3n 0.0.3 pod\u00eda ser explotada para leer archivos internos del sistema y escribir archivos en el sistema, lo que resultaba en la ejecuci\u00f3n remota de c\u00f3digo. Este problema se ha corregido en la versi\u00f3n 0.0.3. Como soluci\u00f3n, se puede copiar el c\u00f3digo de `assets/CommandInjection.py` en el repositorio de c\u00f3digo de Discord Recon Server y sobrescribir el c\u00f3digo vulnerable de la propia implementaci\u00f3n de Discord Recon Server con el c\u00f3digo que contiene el parche"}], "lastModified": "2024-11-21T06:01:09.530", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:demon1a:discord-recon:0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B890F480-6D48-45AE-B874-24B8BC9FF5A1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}