Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26136

kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.

Published

2024-02-20T22:15:08.767

Last Modified

2025-02-05T22:35:04.903

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openjsf	electroncord	< 2024-02-19	Yes

References

https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041 Patch ([email protected])
https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8 Vendor Advisory ([email protected])
https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)