Discord Recon
CVE-2021-29466
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace('..', '') into the Path variable inside of the recon function. The vulnerability is patched in version 0.0.4.
AnalysisAI
Discord-Recon is a bot for the Discord chat service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-24. Discord-Recon is a bot for the Discord chat service. In versions of Discord-Recon 0.0.3 and prior, a remote attacker is able to read local files from the server that can disclose important information. As a workaround, a bot maintainer can locate the file app.py and add .replace('..', '') into the Path variable inside of the recon function. The vulnerability is patched in version 0.0.4. Affected products include: Discord Discord-Recon. Version information: version 0.0.4..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Discord Recon
View allDiscord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Rated high severity (
Discord-Recon is a bot for the Discord chat service. Rated critical severity (CVSS 9.8), this vulnerability is remotely
Discord Recon Server is a bot that allows one to do one's reconnaissance process from one's Discord. Rated high severity
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a dis
Same weakness CWE-24 – Path Traversal: '../filedir'
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today