Privilege escalation in Defender

High
Twentysix26 published GHSA-cfh8-v56j-5757 Feb 15, 2022

Package

Defender (Red-DiscordBot)

Affected versions

<= v1.9.1

Patched versions

v1.10.0

Description

Impact

A vulnerability has been found in the Defender cog: it allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, the attacker can issue bot-owner restricted commands.

Patches

The issue has been patched in version v1.10.0.

Workarounds

Unload the Defender cog

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2022-23604

Weaknesses

No CWEs