{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T06:14:37.191","vulnerabilities":[{"cve":{"id":"CVE-2020-15278","sourceIdentifier":"security-advisories@github.com","published":"2020-10-28T17:15:12.420","lastModified":"2024-11-21T05:05:15.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod or, disabling the massban command with command disable global massban can render this exploit not accessible. We still highly recommend updating to 3.4.1 to completely patch this issue."},{"lang":"es","value":"Red Discord Bot versiones anteriores a 3.4.1, presenta una explotación de escalada de privilegios no autorizada en el módulo Mod. Esta explotación permite a usuarios de Discord con un alto nivel de privilegios dentro del gremio omitir una comprobación de jerarquía cuando la aplicación está en una condición específica que se encuentra fuera del control de ese usuario. Al abusar de esta explotación, es posible llevar a cabo acciones destructivas dentro del gremio en el que el usuario presenta altos privilegios. Esta explotación ha sido corregida en la versión 3.4.1. Como solución alternativa, descargar el módulo Mod con unload mod o, desactivar el comando massban con el comando disable global massban puede hacer que esta explotación no sea accesible. Seguimos recomendando encarecidamente actualizar a versión 3.4.1 para parchear completamente este problema"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:P","baseScore":6.0,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cogboard:red_discord_bot:*:*:*:*:*:*:*:*","versionEndExcluding":"3.4.1","matchCriteriaId":"0CDC0C00-B046-47B8-9166-DB25A03119AA"}]}]}],"references":[{"url":"https://github.com/Cog-Creators/Red-DiscordBot/commit/726bfd38adfdfaef760412a68e01447b470f438b","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Cog-Creators/Red-DiscordBot/releases/tag/3.4.1","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-mp9m-g7qj-6vqr","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/Cog-Creators/Red-DiscordBot/commit/726bfd38adfdfaef760412a68e01447b470f438b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/Cog-Creators/Red-DiscordBot/releases/tag/3.4.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/GHSA-mp9m-g7qj-6vqr","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}