CVE-2020-15251: Privilege Escalation in Channelmgnt plug-in for Sopel
(updated )
Malicious users are able to op/voice and take over a channel
References
- github.com/MirahezeBots/MirahezeBots
- github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg
- github.com/MirahezeBots/sopel-channelmgnt/pull/3
- github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5
- github.com/advisories/GHSA-j257-jfvv-h3x5
- github.com/pypa/advisory-database/tree/main/vulns/sopel-plugins-channelmgnt/PYSEC-2020-110.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-15251
- phab.bots.miraheze.wiki/T117
- phab.bots.miraheze.wiki/phame/live/1/post/1/summary
- pypi.org/project/sopel-plugins.channelmgnt
Detect and mitigate CVE-2020-15251 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →