VDB

CVE-2020-15251

CVE-2020-15251 PUBLISHED

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability. This plugin is bundled with MirahezeBot-Plugins with versions from 9.0.0 and less than 9.0.2 affected. Version 9.0.2 includes 1.0.3 of channelmgnt, and thus is safe from this vulnerability. See referenced GHSA-23pc-4339-95vg.

EPSS 0.25% · 48.7th percentile

Risk Scores

EPSS Score
0.25%
48.7th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSsopel0, 6.1.1-1, 6.3.0-1
Ubuntu:22.04:LTSsopel0, 6.6.9-1, 6.6.9-2
Ubuntu:20.04:LTSsopel0, 6.6.9-1, 6.6.3-2
Ubuntu:18.04:LTSsopel0, 6.5.0-1

Exploit Intelligence

Timeline

  • Oct 13, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Jun 28, 2021 VulnCheck KEV Exploitation
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›