CVE-2024-35237
📋 TL;DR
This vulnerability in MIT IdentiBot allows unauthorized Discord servers to execute commands that reveal personal information of verified MIT affiliates. It affects all users who have verified with vulnerable instances of the bot that use public Discord applications. The flaw enables data exposure without proper server authorization checks.
💻 Affected Systems
- MIT IdentiBot
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Mass exposure of MIT affiliates' full names and personal information across multiple Discord servers, potentially enabling targeted harassment, doxxing, or identity theft.
Likely Case
Unauthorized users creating Discord servers with the vulnerable bot to harvest personal information of MIT community members.
If Mitigated
No data exposure occurs as only authorized servers can execute commands that access user information.
🎯 Exploit Status
Exploitation requires adding the vulnerable bot to a Discord server and executing simple slash commands like /kerbid. No technical expertise needed beyond basic Discord server administration.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e
Vendor Advisory: https://github.com/ZelnickB/mit-identibot/security/advisories/GHSA-h8r9-7r8x-78v6
Restart Required: Yes
Instructions:
1. Pull the latest code from the GitHub repository
2. Update to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e or later
3. Restart the IdentiBot application
4. Verify the patch is applied by checking server authorization functionality
🔧 Temporary Workarounds
Take Bot Offline
Applies to: all deployments. Immediately stop the vulnerable IdentiBot instance to prevent data exposure, using whichever of the following matches how the bot is run:
pm2 stop identibot
systemctl stop identibot
kill [identibot_pid]
Convert to Private Discord Application
Applies to: all deployments. Change the Discord application settings to private so that unauthorized servers cannot add the bot.
🧯 If You Can't Patch
- Take the vulnerable IdentiBot instance completely offline immediately
- Notify all verified users about potential data exposure and recommend they monitor for misuse of their information
🔍 How to Verify
Check if Vulnerable:
Check if your IdentiBot instance is running code prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e and if it's configured as a public Discord application.
Check Version:
git log --oneline -1
Verify Fix Applied:
Test that slash commands like /kerbid only work in authorized Discord servers after applying the patch.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns from unauthorized Discord servers
- Multiple /kerbid or similar commands from new/unexpected servers
Network Indicators:
- Bot responding to commands from servers not in authorized list
SIEM Query:
source="identibot" AND (command="/kerbid" OR command="/verify") AND server_id NOT IN [authorized_server_ids]
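The two checks this page asks for, the per-server authorization gate from "Verify Fix Applied" and the detection condition the SIEM query expresses, as an added example that is not code from the IdentiBot project. The allowlist, the handler names, the shape of the interaction and log objects, and all IDs and records are assumptions or constructed sample data; discord.js is not used, so it runs offline.

```javascript
// Added example, not IdentiBot's own code. AUTHORIZED_GUILDS, handleKerbid,
// the interaction shape and the log entries are assumptions / constructed data.
const AUTHORIZED_GUILDS = new Set(["111111111111111111", "222222222222222222"]);

// Constructed stand-in for the bot's verified-affiliate records.
const VERIFIED_USERS = new Map([
  ["user-1", { fullName: "Example Affiliate", kerb: "example" }],
]);

// Pre-fix shape: any server that added the bot can look up a verified user.
function handleKerbidUnchecked(interaction) {
  const rec = VERIFIED_USERS.get(interaction.targetUserId);
  return rec ? { ok: true, data: rec } : { ok: false, reason: "not-verified" };
}

// Fixed shape: refuse before reading any personal data unless the command
// arrived from an authorized guild. DMs carry no guildId and are refused too.
function handleKerbid(interaction, allowlist = AUTHORIZED_GUILDS) {
  const guildId = interaction.guildId ?? null;
  if (guildId === null || !allowlist.has(guildId)) {
    return { ok: false, reason: "unauthorized-guild", guildId };
  }
  return handleKerbidUnchecked(interaction);
}

// Detection: return log entries where a sensitive command ran in a guild
// outside the allowlist (the same condition as the SIEM query above).
const SENSITIVE_COMMANDS = new Set(["/kerbid", "/verify"]);
function findUnauthorizedUses(entries, allowlist = AUTHORIZED_GUILDS) {
  return entries.filter(
    (e) => SENSITIVE_COMMANDS.has(e.command) && !allowlist.has(e.guildId)
  );
}

// Constructed sample log entries in the shape findUnauthorizedUses expects.
const SAMPLE_LOG = [
  { ts: "2024-01-01T10:00:00Z", command: "/kerbid", guildId: "111111111111111111" },
  { ts: "2024-01-01T10:01:00Z", command: "/kerbid", guildId: "999999999999999999" },
  { ts: "2024-01-01T10:02:00Z", command: "/help",   guildId: "999999999999999999" },
  { ts: "2024-01-01T10:03:00Z", command: "/verify", guildId: "888888888888888888" },
];
```

Running findUnauthorizedUses over SAMPLE_LOG flags the two sensitive commands from guilds outside the allowlist and ignores /help, which is the pattern "Log Indicators" above describes.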
🔗 References
- https://github.com/ZelnickB/mit-identibot/commit/48e3e5e7ead6777fa75d57c7711c8e55b501c24e
- https://github.com/ZelnickB/mit-identibot/security/advisories/GHSA-h8r9-7r8x-78v6