Vulnerability Details CVE-2022-21669
PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 5.0
References
- https://github.com/PuddingBot/pudding-bot/commit/a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f
- https://github.com/PuddingBot/pudding-bot/security/advisories/GHSA-cxgr-xpmj-9qjm
- https://github.com/PuddingBot/pudding-bot/commit/a5b15fb0a5be5fdbacba8ff7b2c8759d5e3ba20f
- https://github.com/PuddingBot/pudding-bot/security/advisories/GHSA-cxgr-xpmj-9qjm
Products affected by CVE-2022-21669
-
cpe:2.3:a:puddingbot_project:puddingbot:*