{"id":"GHSA-j257-jfvv-h3x5","summary":"Privilege Escalation in Channelmgnt plug-in for Sopel","details":"### Impact\nMalicious users are able to op/voice and take over a channel\n\n### Patches\nOn version 1.0.3\n\n### Workarounds\nDisable channelmgnt\n\n### References\nhttps://phab.bots.miraheze.wiki/T117\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Email us at [staff(at)mirahezebots(dot)org](mailto:staff@mirahezebots.org)","aliases":["CVE-2020-15251","GHSA-23pc-4339-95vg","PYSEC-2020-110"],"modified":"2026-03-10T23:14:00.369939070Z","published":"2020-10-13T17:30:30Z","related":["CVE-2020-15251"],"database_specific":{"nvd_published_at":"2020-10-13T18:15:00Z","github_reviewed_at":"2020-10-13T17:08:31Z","github_reviewed":true,"severity":"MODERATE","cwe_ids":["CWE-862","CWE-863"]},"references":[{"type":"WEB","url":"https://github.com/MirahezeBots/MirahezeBots/security/advisories/GHSA-23pc-4339-95vg"},{"type":"WEB","url":"https://github.com/MirahezeBots/sopel-channelmgnt/security/advisories/GHSA-j257-jfvv-h3x5"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15251"},{"type":"WEB","url":"https://github.com/MirahezeBots/sopel-channelmgnt/pull/3"},{"type":"PACKAGE","url":"https://github.com/MirahezeBots/MirahezeBots"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/sopel-plugins-channelmgnt/PYSEC-2020-110.yaml"},{"type":"WEB","url":"https://phab.bots.miraheze.wiki/T117"},{"type":"WEB","url":"https://phab.bots.miraheze.wiki/phame/live/1/post/1/summary"},{"type":"WEB","url":"https://pypi.org/project/sopel-plugins.channelmgnt"}],"affected":[{"package":{"name":"sopel-plugins-channelmgnt","ecosystem":"PyPI","purl":"pkg:pypi/sopel-plugins-channelmgnt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3"}]}],"versions":["1.0.0","1.0.1","1.0.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-j257-jfvv-h3x5/GHSA-j257-jfvv-h3x5.json"}},{"package":{"name":"sopel-plugins-channelmgnt","ecosystem":"PyPI","purl":"pkg:pypi/sopel-plugins-channelmgnt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.3"}]}],"versions":["1.0.0","1.0.1","1.0.2"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-j257-jfvv-h3x5/GHSA-j257-jfvv-h3x5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N"}]}