CVE-2022-39302
MEDIUMRee6 < 1.9.9 - Incorrect Authorization via Better-Audit-Logging Configuration
Title source: llmDescription
Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds.
References (2)
Core 2
Core References
Patch, Third Party Advisory
https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a
Third Party Advisory
https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x
Scores
CVSS v3
5.5
EPSS
0.0038
EPSS Percentile
29.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (1)
ree6/ree6
< 1.9.9
Published
Oct 14, 2022
Tracked Since
Feb 18, 2026