CVE-2024-31442
CVSS V2 None
CVSS V3 None
Description
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch.
Overview
- CVE ID
- CVE-2024-31442
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-04-08T15:33:19.831Z
- Last Modified Date
- 2024-06-04T17:37:19.640Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/Redon-Tech/Redon-Hub/security/advisories/GHSA-3rx8-6453-7q26 | x_refsource_CONFIRM |
| https://github.com/Redon-Tech/Redon-Hub/commit/38cb7c08d4d890e8a1badadbd46f459f06e3cdcd | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-31442 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31442 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 22:54:17 | Added to TrackCVE |