Description
Core Bot Is an Open Source discord bot made for maple hospital servers. Prior to commit dffe050, the API keys (SUPABASE_API_KEY, TOKEN) are loaded using environment variables, but there are cases in code (error handling, summaries, webhooks) where configuration summaries may inadvertently leak sensitive data (e.g., by failing to redact data in summary embeds or logs). This issue has been patched via commit dffe050.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://github.com/Intercore-Productions/Core-Bot/security/advisories/GHSA-42j6-x28v-38r8
Scores
CVSS v4
8.8
EPSS
0.0022
EPSS Percentile
12.4%
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
Status
published
Products (1)
Intercore-Productions/Core-Bot
< dffe050d565a580edfcd0242efa45da88ab31260
Published
Nov 26, 2025
Tracked Since
Feb 18, 2026