How severe is CVE-2021-32646?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2021-32646?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2021-32646 - HIGH Severity | CVSS 7.3

Vulnerability Description

Roomer is a discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing discord users to get the ``manage channel`` permissions in a private VC they have joined. This allowed them to make changes to or delete the voice channel they have taken over. The exploit does not allow access or control to any other channels in the server. Upgrade to version 1.0.1 for a patched version of the cog. As a workaround you may disable private VCs in your guild(server) or unload the roomer cog to render the exploit unusable.

Related Vulnerabilities

CVE-2014-0097

HIGH

CVSS:7.3(High)

The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 and 3.1.0 to 3.1.5 does not check the password length. If the directory allows anonymous binds then it may incorrectly authentica...

CWE-2872014

CVE-2015-1772

HIGH

CVSS:7.3(High)

The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, mishandles simple unauthe...

CWE-2872015

CVE-2016-0755

HIGH

CVSS:7.3(High)

The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via...

CWE-2872016

CVE-2016-1502

HIGH

CVSS:7.3(High)

NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to partially bypass authentication and then list and delete backups via unspecified vectors.

CWE-2872016

CVE-2016-4860

HIGH

CVSS:7.3(High)

Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not require authentication for Logic Designer connections, which allows remote attackers to reconfigure the device or cause a denial of ser...

CWE-2872016

CVE-2016-6474

HIGH

CVSS:7.3(High)

A vulnerability in the implementation of X.509 Version 3 for SSH authentication functionality in Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass authentication ...

CWE-2872016