Vulnerability Details CVE-2024-31442
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.0%
CVSS Severity
CVSS v3 Score 8.8
References
- https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd
- https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26
- https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd
- https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26
Products affected by CVE-2024-31442
-
cpe:2.3:a:redon:roblox_purchasing_hub:0.8
-
cpe:2.3:a:redon:roblox_purchasing_hub:0.9
-
cpe:2.3:a:redon:roblox_purchasing_hub:1.0
-
cpe:2.3:a:redon:roblox_purchasing_hub:1.0.1