CVE-2024-21663 - Vulnerability Details - OpenCVE

Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01336.

Key SSVC decision points have not yet been added.

Vendors	Products
Demon1a Subscribe	Discord-recon Subscribe

Configuration 1 [-]

OR	cpe:2.3:a:demon1a:discord-recon::::::discord::*
	cpe:2.3:a:demon1a:discord-recon:0.0.8:beta::::discord::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-19287	Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a
https://github.com/DEMON1A/Discord-Recon/issues/23
https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-08T23:57:54.897Z

Updated: 2024-09-04T15:15:08.076Z

Reserved: 2023-12-29T16:10:20.367Z

Link: CVE-2024-21663

Vulnrichment

Updated: 2024-08-01T22:27:35.956Z

NVD

Status : Modified

Published: 2024-01-09T00:15:44.790

Modified: 2024-11-21T08:54:49.297

Link: CVE-2024-21663

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21663", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-29T16:10:20.367Z", "datePublished": "2024-01-08T23:57:54.897Z", "dateUpdated": "2024-09-04T15:15:08.076Z"}, "containers": {"cna": {"title": "Remote code execution on ReconServer due to improper input sanitization on the prips command", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7"}, {"name": "https://github.com/DEMON1A/Discord-Recon/issues/23", "tags": ["x_refsource_MISC"], "url": "https://github.com/DEMON1A/Discord-Recon/issues/23"}, {"name": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "tags": ["x_refsource_MISC"], "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a"}], "affected": [{"vendor": "DEMON1A", "product": "Discord-Recon", "versions": [{"version": "< 0.0.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-08T23:57:54.897Z"}, "descriptions": [{"lang": "en", "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"}], "source": {"advisory": "GHSA-fjcj-g7x8-4rp7", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.956Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7"}, {"name": "https://github.com/DEMON1A/Discord-Recon/issues/23", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DEMON1A/Discord-Recon/issues/23"}, {"name": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-13T19:58:08.645969Z", "id": "CVE-2024-21663", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T15:15:08.076Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "name": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/DEMON1A/Discord-Recon/issues/23", "name": "https://github.com/DEMON1A/Discord-Recon/issues/23", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "name": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:27:35.956Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21663", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-13T19:58:08.645969Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-04T15:14:59.918Z"}}], "cna": {"title": "Remote code execution on ReconServer due to improper input sanitization on the prips command", "source": {"advisory": "GHSA-fjcj-g7x8-4rp7", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "DEMON1A", "product": "Discord-Recon", "versions": [{"status": "affected", "version": "< 0.0.8"}]}], "references": [{"url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "name": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/DEMON1A/Discord-Recon/issues/23", "name": "https://github.com/DEMON1A/Discord-Recon/issues/23", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "name": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-08T23:57:54.897Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21663", "state": "PUBLISHED", "dateUpdated": "2024-09-04T15:15:08.076Z", "dateReserved": "2023-12-29T16:10:20.367Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-01-08T23:57:54.897Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:demon1a:discord-recon:*:*:*:*:*:discord:*:*", "matchCriteriaId": "C89EDC32-6EF6-4868-A4A5-911E552F82B8", "versionEndExcluding": "0.0.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:demon1a:discord-recon:0.0.8:beta:*:*:*:discord:*:*", "matchCriteriaId": "5EF620EA-979B-4367-903C-DC2BFAFCAD09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.\n"}, {"lang": "es", "value": "Discord-Recon es un bot de Discord creado para automatizar el reconocimiento de errores, escaneos automatizados y recopilaci\u00f3n de informaci\u00f3n a trav\u00e9s de un servidor de Discord. Discord-Recon es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede ejecutar comandos de shell en el servidor sin tener una funci\u00f3n de administrador. Esta vulnerabilidad se ha solucionado en la versi\u00f3n 0.0.8."}], "id": "CVE-2024-21663", "lastModified": "2024-11-21T08:54:49.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-09T00:15:44.790", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/DEMON1A/Discord-Recon/issues/23"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/DEMON1A/Discord-Recon/issues/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}