CVE-2022-21669

Summary

PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date.

Affected Software

VendorProductVersion RangeStatus
PuddingBotpudding-bot<= 0.0.6-b933652affected

Weaknesses

  • CWE-798: CWE-798: Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References