CVE-2021-32646

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32646

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32646.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32646

Related

GHSA-3f73-8j6q-28v8

Published

2021-05-28T18:15:07.493Z

Modified

2026-03-15T14:41:09.767028Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the manage channel permissions in a private VC they have joined. This allowed them to make changes to or delete the voice channel they have taken over. The exploit does not allow access or control to any other channels in the server. Upgrade to version 1.0.1 for a patched version of the cog. As a workaround you may disable private VCs in your guild(server) or unload the roomer cog to render the exploit unusable.

References

Affected packages

Git / github.com/dav-git/dav-cogs

Affected ranges

Type: GIT
Repo: https://github.com/dav-git/dav-cogs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fbe2ae8ec851a2e9e3e2370db3b812f268e8c8cb

Type: GIT
Repo: https://github.com/dav-git/dav-cogs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fbe2ae8ec851a2e9e3e2370db3b812f268e8c8cb

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.1"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32646.json"