Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eggheads | eggdrop_irc_bot | 1.6.11 |
| eggheads | eggdrop_irc_bot | 1.6.13 |
| eggheads | eggdrop_irc_bot | 1.6.14 |
| eggheads | eggdrop_irc_bot | 1.6.15 |
| eggheads | eggdrop_irc_bot | 1.6.12 |
| eggheads | eggdrop_irc_bot | 1.6.10 |
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| eggheads | eggdrop_docker_image | 1.8.2 |
| eggheads | eggdrop_docker_image | 1.8.3 |
| eggheads | eggdrop_docker_image | 1.8.0 |
| eggheads | eggdrop_docker_image | 1.8.4 |
| eggheads | eggdrop_docker_image | 1.6.21 |
| eggheads | eggdrop_docker_image | 1.6 |
| eggheads | eggdrop_docker_image | 1.8.1 |