PT-2022-16119 · Unknown · X26-Cogs Defender Cog

Published: 2022-02-15 · Updated: 2022-02-24 · CVE-2022-23604

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: x26-Cogs Defender cog versions prior to 1.10.0

Description: A vulnerability in the Defender cog allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands.

Recommendations: For versions prior to 1.10.0, update to version 1.10.0 to resolve the issue. As a temporary workaround, consider unloading the Defender cog until the patch is applied.

Exploit

Fix

Weakness Enumeration

Improper Privilege Management

Related Identifiers

CVE-2022-23604
GHSA-CFH8-V56J-5757

Affected Products

X26-Cogs Defender Cog