CVE-2022-39302 Ree6 is a moderation bot. It would allow other server owners to create configurations such as "Better Audit Logging," which contains a channel from another server as a target.

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. Vulnerabilities in the Ree6 moderation system allow a malicious server owner to create a configuration that would affect all users of the server. This could mean that all players on that server would be subjected to the server owner's advertising. Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. Vulnerabilities in the Ree6 moderation system allow a malicious server owner to create a configuration that would affect all users of the server. This could mean that all players on that server would be subjected to the server owner's advertising. Ree6 is a moderation bot

Overview of the Vulnerability

The vulnerability could allow a malicious server owner to create a configuration that would affect all users on a server, such as "Better-Audit-Logging" which contains a channel from another server. This configuration would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message would allow spamming and mass advertisements. This issue has been patched in version 1.9.9, but there is currently no known workaround.

Ree6 is an automated moderation bot for Guild Wars 2 servers that can be exploited by malicious server owners to send messages or commands to any channel without authorization. By exploiting this vulnerability, other servers would be able to spam or advertise on the affected server without being seen by the affected players.

Summary of Vulnerability

Ree6 is a moderation bot. This vulnerability would allow other server owners to create configurations such as "Better-Audit-Logging" which contain a channel from another server as a target. This would mean you could send log messages to another Guild channel and bypass raid and webhook protections. A specifically crafted log message could allow spamming and mass advertisements. This issue has been patched in version 1.9.9. There are currently no known workarounds. Vulnerabilities in the Ree6 moderation system allow a malicious server owner to create a configuration that would affect all users of the server. This could mean that all players on that server would be subjected to the server owner's advertising.

How to create a configuration that affects all users

There are two ways to create a configuration that affects all users:
- They will be forced to put a specific config.yml in their config folder.
- They will be forced to set the value of the "config" variable on the server.yml to false and restart their server.
If you are not sure how your server is configured, you can use this script to analyze your server's configs.

Timeline

Published on: 10/14/2022 00:15:00 UTC
Last modified on: 10/17/2022 14:47:00 UTC

References

• https://github.com/Ree6-Applications/Ree6/security/advisories/GHSA-v574-xgcf-5w8x
• https://github.com/Ree6-Applications/Ree6/commit/459b5bc24f0ea27e50031f563373926e94b9aa0a
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39302