Vulnerabilities > CVE-2022-21669 - Unspecified vulnerability in Puddingbot Project Puddingbot

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

puddingbot-project

NVD

Published: 2022-01-11

Updated: 2024-11-21

Summary

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.

Vulnerable Configurations

Part	Description	Count
Application	Puddingbot_Project Puddingbot Project Puddingbot *	1

References

https://github.com/PuddingBot/pudding-bot/commit/a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f
https://github.com/PuddingBot/pudding-bot/commit/a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f
https://github.com/PuddingBot/pudding-bot/security/advisories/GHSA-cxgr-xpmj-9qjm
https://github.com/PuddingBot/pudding-bot/security/advisories/GHSA-cxgr-xpmj-9qjm