Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Quest Bot: AutoMod removal can delete rules from another guild by global rule ID
Vulnerability Description
Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without verifying that the rule belongs to the guild where the command is executed. A user can learn a victim guild’s AutoMod rule ID through autocomplete, then remove that rule from another guild where they have Manage Server. This issue has been patched in version 1.0.5.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
Quest Bot 安全漏洞
Vulnerability Description
Quest Bot是Duck Organization开源的一款多功能Discord社区管理机器人。 Quest Bot 1.0.5之前版本存在安全漏洞,该漏洞源于AutoMod删除流程未验证规则所属服务器,可能导致用户从其他服务器删除规则。
CVSS Information
N/A
Vulnerability Type
N/A