CVE-2021-32646

Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the ``manage channel`` permissions in a private VC they have joined. This allowed them to make changes to or delete the voice channel they have taken over. The exploit does not allow access or control to any other channels in the server. Upgrade to version 1.0.1 for a patched version of the cog. As a workaround you may disable private VCs in your guild(server) or unload the roomer cog to render the exploit unusable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dav-cogs_project:dav-cogs:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://github.com/Dav-Git/Dav-Cogs/commit/fbe2ae8ec851a2e9e3e2370db3b812f268e8c8cb - Patch, Third Party Advisory () https://github.com/Dav-Git/Dav-Cogs/commit/fbe2ae8ec851a2e9e3e2370db3b812f268e8c8cb - Patch, Third Party Advisory
References () https://github.com/Dav-Git/Dav-Cogs/security/advisories/GHSA-3f73-8j6q-28v8 - Patch, Third Party Advisory () https://github.com/Dav-Git/Dav-Cogs/security/advisories/GHSA-3f73-8j6q-28v8 - Patch, Third Party Advisory
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 5.3

Information

Published : 2021-05-28 18:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32646

Mitre link : CVE-2021-32646

CVE.ORG link : CVE-2021-32646


JSON object : View

Products Affected

dav-cogs_project

  • dav-cogs
CWE
CWE-287

Improper Authentication

NVD-CWE-noinfo