Open SocketIO Web Server in PreMiD Allows Unauthorized Access to Discord User Information

CVE-2020-24928 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.
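
An origin allow-list for a loopback listener like the one described above, as an added example that is not PreMiD's code or its fix. The extension IDs, the name `checkHandshake` and the sample requests are constructed; port 3020 is taken from the advisory, and the Host check goes beyond what the advisory states.

```javascript
// Added example. Extension IDs are constructed placeholders, not real ones.
const ALLOWED_ORIGINS = new Set([
  "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  "moz-extension://00000000-0000-0000-0000-000000000000",
]);
// Host values a browser sends when it really targets the loopback listener.
const ALLOWED_HOSTS = new Set(["localhost:3020", "127.0.0.1:3020", "[::1]:3020"]);

// Decide whether a handshake/upgrade request may proceed.
// `headers` is a Node-style object with lower-cased header names.
function checkHandshake(headers) {
  const host = String(headers.host || "").toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) {
    // A foreign Host on a loopback socket is what DNS rebinding looks like.
    return { ok: false, reason: "host-not-loopback" };
  }
  const origin = headers.origin;
  if (typeof origin !== "string" || origin === "") {
    // Strict policy (an assumption): clients that send no Origin are refused.
    return { ok: false, reason: "origin-missing" };
  }
  if (origin === "null") {
    // Sandboxed frames and file:// pages serialize their origin as "null".
    return { ok: false, reason: "origin-opaque" };
  }
  // Exact match only: prefix, suffix or regex matching lets look-alike
  // origins through.
  if (!ALLOWED_ORIGINS.has(origin)) {
    return { ok: false, reason: "origin-not-allowed" };
  }
  return { ok: true, reason: "allowed" };
}

// Constructed sample handshakes covering each decision branch.
const EXT = "chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const SAMPLES = [
  { host: "localhost:3020", origin: EXT },
  { host: "127.0.0.1:3020", origin: "https://site.example" },
  { host: "localhost:3020", origin: EXT + ".site.example" },
  { host: "localhost:3020", origin: "null" },
  { host: "localhost:3020" },
  { host: "rebind.example:3020", origin: EXT },
];

function auditSamples() {
  return SAMPLES.map((h) => ({ origin: h.origin, ...checkHandshake(h) }));
}
```

The check belongs in the server's handshake path, before any event handlers are registered for the connection, so that a refused page never receives data.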
