CVE-2024-31442

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Apr 8, 2024
CWE ID 276

Summary

CVE-2024-31442 is a vulnerability affecting Redon Hub, a Roblox Product Delivery Bot. Prior to version 1.0.2, the hub's commands were not properly restricted, so any user, including non-admins, could execute admin commands. This allowed users to obtain products for free and to create and update products, tags, and more. The only command not affected was `/products admin clear`, because it was already restricted to the bot owner. All users should upgrade to version 1.0.2 to receive the patch.
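The failure mode described above (commands that run for everyone unless someone remembers to restrict them) can be caught with a default-deny dispatcher and an audit that lists commands with no declared permission. The following is an added, framework-agnostic illustration, not Redon Hub's code: the `Registry` class, the role ladder, and the `/example ...` command names are hypothetical; only `/products admin clear` comes from the advisory.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

ROLES = {"user": 0, "admin": 1, "owner": 2}  # constructed role ladder (assumption)

@dataclass
class Command:
    handler: Callable[[], str]
    required_role: Optional[str] = None  # None means nobody declared a restriction

class Registry:
    def __init__(self, default_deny: bool):
        self.default_deny = default_deny
        self.commands: Dict[str, Command] = {}

    def register(self, name, handler, required_role=None):
        self.commands[name] = Command(handler, required_role)

    def invoke(self, name: str, caller_role: str) -> str:
        cmd = self.commands[name]
        required = cmd.required_role
        if required is None:
            if self.default_deny:
                raise PermissionError(f"{name}: no permission declared")
            required = "user"  # fail-open default: the CWE-276 pattern
        if ROLES[caller_role] < ROLES[required]:
            raise PermissionError(f"{name}: requires {required}")
        return cmd.handler()

    def unrestricted(self) -> List[str]:
        """Audit helper: commands that never declared a required role."""
        return sorted(n for n, c in self.commands.items() if c.required_role is None)

def build(default_deny: bool) -> Registry:
    reg = Registry(default_deny)
    reg.register("/products admin clear", lambda: "cleared", required_role="owner")
    reg.register("/example admin create", lambda: "created")  # hypothetical, unguarded
    reg.register("/example admin give", lambda: "given")      # hypothetical, unguarded
    return reg

def allowed(reg: Registry, name: str, role: str) -> bool:
    try:
        reg.invoke(name, role)
        return True
    except PermissionError:
        return False
```

Running `unrestricted()` as a CI check that must return an empty list turns a forgotten permission into a build failure instead of a production exposure.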
