CVE-2024-26136
HIGH
openjsf electroncord < 2024-02-19 - Exposure of Sensitive Information via config.json
Title source: llm
Description
kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8
Patch x_refsource_misc
https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
41.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (1)
openjsf/electroncord
< 2024-02-19
Published
Feb 20, 2024
Tracked Since
Feb 18, 2026