Vulnerabilities > CVE-2021-29493 - Unspecified vulnerability in Kennnyshiwa-Cogs Project Kennnyshiwa-Cogs

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

kennnyshiwa-cogs-project

NVD

Published: 2021-05-06

Updated: 2024-11-21

Summary

Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.

Vulnerable Configurations

Part	Description	Count
Application	Kennnyshiwa-Cogs_Project Kennnyshiwa Cogs Project Kennnyshiwa Cogs -	1

References

https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
https://github.com/kennnyshiwa/kennnyshiwa-cogs/commit/5a84d60018468e5c0346f7ee74b2b4650a6dade7
https://github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473
https://github.com/kennnyshiwa/kennnyshiwa-cogs/security/advisories/GHSA-f4j2-2cwr-h473