**CVE-2024-35237: MIT IdentiBot**
**Name of the Vulnerable Software and Affected Versions**
MIT IdentiBot versions prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e
**Description**
A vulnerability in MIT IdentiBot, an open-source Discord bot, allows unauthorized access to sensitive information about Discord users who have verified their affiliation with MIT. The issue arises because IdentiBot does not check whether a server is authorized before allowing its members to execute certain commands, such as `/kerbid`, which can reveal a verified user's full name and other information. This vulnerability affects unpatched instances of IdentiBot that are tied to a "public" Discord application. The number of potentially affected instances or users is not specified.
**Recommendations**
To prevent exploitation of the vulnerability, all vulnerable instances of MIT IdentiBot should be taken offline until they have been updated to the latest version, which contains the patch for this issue introduced in commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e. As a temporary workaround, disable the execution of slash and user commands in unauthorized servers until the patch is applied.
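The missing check described above, and the workaround of refusing slash and user commands in unauthorized servers, come down to one authorization gate at the interaction dispatch point. The following is an added illustration, not IdentiBot's own code: the interaction objects are constructed stand-ins for the discord.js shape (`guildId`, `commandName`, `targetUserId`), and the guild IDs, user IDs and identity records are made up.

```javascript
// Added example, not IdentiBot's own code: a guild-authorization gate applied
// at the single interaction dispatch point, so /kerbid and every other slash
// or user command is refused in servers that were never authorized.
// Interaction objects are constructed stand-ins for the discord.js shape
// (guildId, commandName, targetUserId); all IDs and records below are made up.

const AUTHORIZED_GUILDS = new Set(["100000000000000001"]); // constructed allowlist

// Constructed stand-in for the verification store: Discord user id -> MIT identity.
const verifiedUsers = new Map([
  ["200000000000000002", { kerb: "jdoe", fullName: "Jane Doe" }],
]);

// The sensitive command as the advisory describes it: no server check of its own.
const commands = {
  kerbid(interaction) {
    const record = verifiedUsers.get(interaction.targetUserId);
    return record ? { ok: true, data: record } : { ok: false, reason: "not verified" };
  },
};

// Vulnerable dispatch: any server that installed the public application can run it.
function dispatchVulnerable(interaction) {
  const cmd = commands[interaction.commandName];
  return cmd ? cmd(interaction) : { ok: false, reason: "unknown command" };
}

// Interactions from DMs carry no guildId; a missing guildId is unauthorized too.
function isAuthorizedGuild(interaction) {
  return typeof interaction.guildId === "string" && AUTHORIZED_GUILDS.has(interaction.guildId);
}

// Hardened dispatch: the gate runs before any command body or data lookup,
// so it covers slash commands and user (context-menu) commands alike.
function dispatchHardened(interaction) {
  if (!isAuthorizedGuild(interaction)) {
    return { ok: false, reason: "unauthorized guild" };
  }
  return dispatchVulnerable(interaction);
}

// Constructed request from a server that is not on the allowlist.
const unauthorizedServerRequest = {
  guildId: "900000000000000009",
  commandName: "kerbid",
  targetUserId: "200000000000000002",
};
console.log(dispatchVulnerable(unauthorizedServerRequest)); // leaks the record
console.log(dispatchHardened(unauthorizedServerRequest));   // { ok: false, reason: "unauthorized guild" }
```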