Quest Bot: Logging module can disclose private-channel message contents to...

5.7 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.

Basic Information

ID CVE-2026-47176

Source GitHub_M

Published Jun 11, 2026 at 18:29

Affected Product

Vendor duck-organization

Product quest-bot

Version < 1.0.4

Affected Versions duck-organization quest-bot < 1.0.4

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channel they can read. The bot then logs deleted and edited message contents from every channel it can see, including private channels the configuring user cannot access. This issue has been patched in version 1.0.4.",
    "published": "2026-06-11T18:29:55.933Z",
    "modified": "2026-06-11T18:29:55.933Z",
    "type": "cve",
    "title": "Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel",
    "source": "GitHub_M",
    "references": "https://github.com/duck-organization/questbot/security/advisories/GHSA-fvvp-8g5q-hrc7\nhttps://github.com/duck-organization/questbot/releases/tag/questbot-v1.0.4",
    "id": "CVE-2026-47176",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "duck-organization quest-bot < 1.0.4",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "quest-bot",
    "version": "< 1.0.4",
    "vendor": "duck-organization",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel_CVE-2026-47176