Crawlchat · Crawlchat · CVE-2026-23875
**Name of the Vulnerable Software and Affected Versions**
CrawlChat versions prior to 0.0.8
**Description**
CrawlChat is a platform that converts technical documentation into intelligent chatbots. Before version 0.0.8, a missing permission check in the Discord bot component allowed users without administrative privileges to add malicious content to the knowledge base. Specifically, the absence of a check for permissions like `MANAGE SERVER` or `MANAGE MESSAGES` allowed regular users to add information to the knowledge base using the `jigsaw` emoji reaction. This could be exploited to manipulate the bot's responses, potentially redirecting users to malicious sites or sending information to unauthorized individuals. The affected functionality involves adding information to the collection's knowledge base.
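The kind of check whose absence is described above, as an added example (not CrawlChat's code or its actual fix): the jigsaw reaction only writes to the knowledge base when the reacting member holds Manage Server or Manage Messages. The permission bit values are Discord's documented flags; the event shape, `handleReaction`, `canAddToKnowledgeBase` and the array used as a knowledge base are hypothetical, and the bitfield is assumed to be the member's already-resolved permissions.

```javascript
// Added example: permission gate for a reaction-driven "add to knowledge base" action.
// Bit values are Discord's documented permission flags; all other names are hypothetical.
const ADMINISTRATOR = 1n << 3n;
const MANAGE_GUILD = 1n << 5n; // shown as "Manage Server" in the Discord client
const MANAGE_MESSAGES = 1n << 13n;
const LEARN_EMOJI = "🧩"; // the jigsaw reaction

// Discord serialises permission bitfields as decimal strings, so parse with BigInt.
function canAddToKnowledgeBase(permissions) {
  let bits;
  try {
    bits = BigInt(permissions);
  } catch {
    return false; // missing or malformed bitfield: fail closed
  }
  if (bits & ADMINISTRATOR) return true; // Administrator implies every permission
  return (bits & (MANAGE_GUILD | MANAGE_MESSAGES)) !== 0n;
}

// Hypothetical handler: `reaction` is a constructed event shape, `kb` a plain array.
function handleReaction(reaction, kb) {
  if (reaction.emoji !== LEARN_EMOJI) return "ignored";
  if (!canAddToKnowledgeBase(reaction.memberPermissions)) return "denied";
  kb.push({ text: reaction.messageText, addedBy: reaction.userId });
  return "added";
}

// Constructed sample events (3072 = View Channel + Send Messages only;
// 8224 = Manage Server + Manage Messages; 8 = Administrator).
const kb = [];
const events = [
  { userId: "u1", emoji: "🧩", memberPermissions: "3072", messageText: "Docs moved to https://example.invalid" },
  { userId: "u2", emoji: "🧩", memberPermissions: "8224", messageText: "Use v2 of the API" },
  { userId: "u3", emoji: "👍", memberPermissions: "8", messageText: "nice" },
  { userId: "u4", emoji: "🧩", memberPermissions: undefined, messageText: "x" },
];
const results = events.map((e) => handleReaction(e, kb));
console.log(results, kb.length);
```

Logging the `denied` outcomes with the user and message ID gives moderators a record of attempted knowledge-base writes by unprivileged members.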
**Recommendations**
Update CrawlChat to version 0.0.8 or later.