This repository has been archived by the owner on Apr 7, 2021. It is now read-only.

CVE-2020-5302

High
examknow published GHSA-7hf3-wvp8-34r9 Apr 7, 2020

Package

No package listed

Affected versions

23d9d5b0a59667a5d6816fdabb960b537a5f9ed1

Patched versions

be7686a040c99a63b5e49580c4828075b717a15f

Description

Impact

This weekend the development team found and addressed a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the nickname used by a privileged user, because no check was made to see whether they were logged in.

Patches

The issue has since been resolved with the help of @RhinosF1. The user's hostmask is now checked to verify that the user is logged in to the correct account for all steward actions taken through the bot's IRC interface.
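The difference between the nickname-only check and the hostmask check described above, as an added example (not the project's own code). The steward list, the cloak format and the function names are assumptions, and the check relies on the network setting that cloak as the host only for a logged-in account.

```python
import re
from typing import NamedTuple, Optional

# Constructed allow-list (assumption): steward nick -> cloak the network
# sets as the host only after that account has identified to services.
STEWARDS = {"alice": "example/steward/alice"}

# IRC message source prefix: ":nick!user@host"
PREFIX_RE = re.compile(r"^:(?P<nick>[^!@\s]+)!(?P<user>[^@\s]+)@(?P<host>\S+)$")


class Source(NamedTuple):
    nick: str
    user: str
    host: str


def parse_source(raw_line: str) -> Optional[Source]:
    """Return the sender of a raw IRC line, or None if it has no full hostmask."""
    prefix = raw_line.split(" ", 1)[0]
    match = PREFIX_RE.match(prefix)
    return Source(**match.groupdict()) if match else None


def allowed_by_nick(raw_line: str) -> bool:
    """Flawed check: trusts the nickname alone, with no proof of login."""
    src = parse_source(raw_line)
    return src is not None and src.nick.lower() in STEWARDS


def allowed_by_hostmask(raw_line: str) -> bool:
    """Hardened check: the host part must be the cloak tied to that steward's account."""
    src = parse_source(raw_line)
    if src is None:
        return False  # fail closed on server messages or malformed prefixes
    expected = STEWARDS.get(src.nick.lower())
    return expected is not None and src.host.lower() == expected


# Constructed sample lines: the real steward, then another user holding the same nick.
GENUINE = ":alice!~alice@example/steward/alice PRIVMSG #stewards :!command"
IMPOSTER = ":alice!~guest@203.0.113.7 PRIVMSG #stewards :!command"

if __name__ == "__main__":
    for line in (GENUINE, IMPOSTER):
        print(allowed_by_nick(line), allowed_by_hostmask(line))
```

Both sample lines pass the nickname-only check; only the line carrying the expected cloak passes the hostmask check.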

References

You can find the full change at 2eac90d...1a62da1

For more information

If you have any questions or comments about this advisory:

Severity

High

CVE ID

CVE-2020-5302

Weaknesses

No CWEs