Vulnerability: Cross-Guild Log Channel Exploitation in Ree6

Vulnerability: Cross-Guild Log Channel Exploitation in Ree6

CVE-2022-39302 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.

Learn more about our Web App Pen Testing.