CVE-2022-21669

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-21669

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21669.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21669

Aliases

GHSA-cxgr-xpmj-9qjm

Published

2022-01-11T00:00:00Z

Modified

2026-04-02T07:46:17.013136Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

Bot token exposed in main.py

Details

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.

Database specific

{
    "cwe_ids": [
        "CWE-798"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21669.json",
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/puddingbot/pudding-bot

Affected ranges

Type: GIT
Repo: https://github.com/puddingbot/pudding-bot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f

Type: GIT
Repo: https://github.com/puddingbot/pudding-bot
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21669.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "0.0.6-b933652"
            }
        ]
    }
]