Vulnerabilities > CVE-2024-26136 - Unspecified vulnerability in Openjsf Electroncord

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

openjsf

NVD

Published: 2024-02-20

Updated: 2025-02-05

Summary

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.

Vulnerable Configurations

Part	Description	Count
Application	Openjsf Openjsf Electroncord *	1

References

https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041
https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041
https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8
https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8