Guild member objects can be edited regardless of right/permission.

Summary

A PATCH request to /guilds/:id/members/:id allows any user regardless of rights to edit any other user's nickname, guild profile bio, or guild avatar.

Mitigation

This is fixed as of commit 51239d6

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Guild member objects can be edited regardless of right/permission.

Package

Affected versions

Patched versions

Description

Summary

Mitigation

Severity

CVE ID

Weaknesses

Credits