Description

Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file `app.py` and add `.replace('..', '')` into the `Path` variable inside of the `recon` function. The vulnerability is patched in version 0.0.4.

Related CPE's

a

discord

discord-recon

Vulnerable

References

https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-p2pw-8xwf-879g

MitigationThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-22

[email protected]

Secondary
CWE-24

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-22T01:15:07.740

4 years ago

Last modified

2021-04-27T20:05:20.233

4 years ago