Description
Ticketer is a command based ticket system cog (plugin) for the red discord bot. A vulnerability allowing discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround users may unload the ticketer cog to disable the exploitable code.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Dav-Git/Dav-Cogs/security/advisories/GHSA-r2cf-49r7-pfj7
Patch, Third Party Advisory x_refsource_misc
https://github.com/Dav-Git/Dav-Cogs/commit/3d54ef9b52ce03f139b7d6c1cc38c375e65593fd
Scores
CVSS v3
8.1
EPSS
0.0029
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-74
CWE-77
Status
published
Products (1)
dav-cogs_project/dav-cogs
< 1.0.1
Published
May 10, 2021
Tracked Since
Feb 18, 2026