Mirahezebots Sopel-Channelmgnt vulnerabilities
2 known vulnerabilities affecting mirahezebots/sopel-channelmgnt.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-15251P1MEDIUMCVSS 6.5Exploitedfixed in 1.0.32020-10-13
CVE-2020-15251 [MEDIUM] CWE-863 CVE-2020-15251: In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are ab
In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this
nvd
CVE-2021-21431P3HIGHCVSS 8.1fixed in 2.0.12021-04-09
CVE-2021-21431 [HIGH] CWE-20 CVE-2021-21431: sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers
sopel-channelmgnt is a channelmgnt plugin for sopel. In versions prior to 2.0.1, on some IRC servers, restrictions around the removal of the bot using the kick/kickban command could be bypassed when kicking multiple users at once. We also believe it may have been possible to remove users from other channels but due to the wonder that is IRC and followi
nvd