CVE-2021-29493 MEDIUM

CVE-2021-29493: Kennnyshiwa-cogs vulnerable to Remote Code Execution in Tickets Module

Vendor Kennnyshiwa
Product kennnyshiwa-cogs
Weakness CWE-94 · Code injection
Published May 6, 2021
Last update August 3, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7 to receive a patch or, as a workaround, unload tickets to render the exploit unusable.

Key dates

02Disclosure timeline

May 6, 2021 CVE published
August 3, 2024 Record updated