This repository has been archived by the owner on Mar 14, 2023. It is now read-only.

Privilege Escalation issue in makemodechange self action logic

High

RhinosF1 published GHSA-j257-jfvv-h3x5

Oct 12, 2020

Package

sopel_plugins.channelmgnt (pip)

Affected versions

<=1.0.0

Patched versions

1.0.3

Description

Impact

Malicious users are able to op/voice and take over a channel

Patches

On version 1.0.3

Workarounds

Disable channelmgnt

References

https://phab.bots.miraheze.wiki/T117

For more information

If you have any questions or comments about this advisory:

Email us at staff(at)mirahezebots(dot)org

Severity

High

7.7

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N