CVE-2020-15251
Summary
| CVE | CVE-2020-15251 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2020-10-13 18:15:00 UTC |
|---|
| Updated | 2021-11-18 16:58:00 UTC |
|---|
| Description | In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| sopel-plugins.channelmgnt · PyPI |
MISC |
pypi.org |
Release Notes, Third Party Advisory |
| [SECURITY] Actually fix by RhinosF1 · Pull Request #3 · MirahezeBots/sopel-channelmgnt · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| ⚓ T117 [CVE-2020-15251] makemodechange failed to check access on restricted changes for self actions allowing ACL bypass {Version 9.0.0 - 9.0.2} |
MISC |
phab.bots.miraheze.wiki |
Issue Tracking, Patch, Vendor Advisory |
| Privilege Escalation issue in makemodechange self action logic · Advisory · MirahezeBots/MirahezeBots · GitHub |
MISC |
github.com |
Vendor Advisory |
| ✩ Summary |
MISC |
phab.bots.miraheze.wiki |
Vendor Advisory |
| Privilege Escalation issue in makemodechange self action logic · Advisory · MirahezeBots/sopel-channelmgnt · GitHub |
CONFIRM |
github.com |
Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 980063 Python (pip) Security Update for sopel_plugins.channelmgnt (GHSA-j257-jfvv-h3x5)
