CVE-2020-15251

Advisory

Sopel-plugins-channelmgnt v1.0.3 includes a fix for CVE-2020-15251: In the Channelmgnt plugin for Sopel before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability.
https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5
https://github.com/MirahezeBots/sopel-channelmgnt/pull/3

Affected package

Affected versions

Fixed versions

Vulnerability changelog

In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version 1.0.3, malicious users are able to op/voice and take over a channel. This is an ACL bypass vulnerability.


CONFIRM:https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5: https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5
MISC:https://github.com/MirahezeBots/sopel-channelmgnt/pull/3: https://github.com/MirahezeBots/sopel-channelmgnt/pull/3
MISC:https://phab.bots.miraheze.wiki/T117: https://phab.bots.miraheze.wiki/T117
MISC:https://pypi.org/project/sopel-plugins.channelmgnt/: https://pypi.org/project/sopel-plugins.channelmgnt/

Resources

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15251
• https://pypi.org/project/sopel-plugins.channelmgnt/
• https://phab.bots.miraheze.wiki/T117
• https://github.com/MirahezeBots/sopel-channelmgnt/pull/3
• https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5
• https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg
• https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary/