Ree6 may bypass webhook protection
CVE-2022-39302

5.5MEDIUM

Key Information:

Vendor: Ree6-applications
Status: Ree6
Vendor: CVE Published:; 14 October 2022

🔔 Create Ree6-applications Vulnerability Alert

What is CVE-2022-39302?

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ree6 < 1.9.9

References

https://github.com/Ree6-Applications/Ree6/security/adviso...

https://github.com/Ree6-Applications/Ree6/commit/459b5bc2...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2022
Vulnerability Reserved
Sep 2, 2022

JSON

Ree6-applications