PT-2021-19828 · Roomer · Roomer

Dav-Git

Published

2021-05-28

Updated

2022-07-02

CVE-2021-32646

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Roomer versions prior to 1.0.1

Description A vulnerability has been discovered in the Roomer discord bot cog, allowing discord users to gain manage channel permissions in a private voice channel they have joined. This enables them to make changes to or delete the voice channel. The exploit is limited to the voice channel they have taken over and does not provide access or control to other channels in the server.

Recommendations For versions prior to 1.0.1, upgrade to version 1.0.1 for a patched version of the cog. As a temporary workaround, consider disabling private VCs in your guild (server) or unloading the Roomer cog to render the exploit unusable.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-32646

GHSA-3F73-8J6Q-28V8

Affected Products

Roomer

PT-2021-19828 · Roomer · Roomer

CVE-2021-32646

Weakness Enumeration

Related Identifiers

Affected Products

References · 4