CVE-2021-29461

Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch.

CVSS v3 8.8 HIGH
CVSS v2.0 9.0 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83x	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:demon1a:discord-recon:0.0.2:*:*:*:*:*:*:*

History

12 Jan 2024, 15:05

Type	Values Removed	Values Added
First Time		Demon1a discord-recon Demon1a
CPE	cpe:2.3:a:discord-recon_project:discord-recon:0.0.2:::::::*	cpe:2.3:a:demon1a:discord-recon:0.0.2:::::::*

Information

Published : 2021-04-20 20:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-29461

Mitre link : CVE-2021-29461

CVE.ORG link : CVE-2021-29461

JSON object : View

Products Affected

demon1a

discord-recon

CWE

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2021-29461", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-04-20T20:15:08.270", "references": [{"url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-3m9v-v33c-g83x", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. A vulnerability in Discord Recon Server prior to 0.0.3 could be exploited to read internal files from the system and write files into the system resulting in remote code execution. This issue has been fixed in version 0.0.3. As a workaround, one may copy the code from `assets/CommandInjection.py` in the Discord Recon Server code repository and overwrite vulnerable code from one's own Discord Recon Server implementation with code that contains the patch."}, {"lang": "es", "value": "Discord Recon Server es un bot que permite hacer el proceso de reconocimiento desde el propio Discord. Una vulnerabilidad en Discord Recon Server anterior a la versi\u00f3n 0.0.3 pod\u00eda ser explotada para leer archivos internos del sistema y escribir archivos en el sistema, lo que resultaba en la ejecuci\u00f3n remota de c\u00f3digo. Este problema se ha corregido en la versi\u00f3n 0.0.3. Como soluci\u00f3n, se puede copiar el c\u00f3digo de `assets/CommandInjection.py` en el repositorio de c\u00f3digo de Discord Recon Server y sobrescribir el c\u00f3digo vulnerable de la propia implementaci\u00f3n de Discord Recon Server con el c\u00f3digo que contiene el parche"}], "lastModified": "2024-01-12T15:05:57.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:demon1a:discord-recon:0.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B890F480-6D48-45AE-B874-24B8BC9FF5A1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}