CVE-2024-39905
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-39905
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-39905.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-39905
- Aliases
- Published
- 2024-07-11T15:43:34Z
- Modified
- 2025-10-22T18:42:54.871920Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- Red-DiscordBot vulnerable to Incorrect Authorization in commands API
- Details
-
Red is a fully modular Discord bot. Due to a bug in Red's Core API, 3rd-party cogs using the
@commands.can_manage_channel()command permission check without additional permission controls may authorize a user to run a command even when that user doesn't have permissions to manage a channel. None of the core commands or core cogs are affected. The maintainers of the project are not aware of any public 3rd-party cog utilizing this API at the time of writing this advisory. The problem was patched and released in version 3.5.10. - Database specific
{ "cwe_ids": [ "CWE-863" ] }- References