QwikSec

Security Database

CVE

CWE

Training

CVE-2025-46552

Published: Apr 29, 2025

Modified: Apr 30, 2025

PUBLISHED

Description

KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2.

Vendor	Product	Versions
Krypto-Hashers-Community	KHC-INVITATION-AUTOMATION	affected `< 1.3`

Weaknesses (CWE)

References

https://github.com/Krypto-Hashers-Community/KHC-INVITATION-AUTOMATION/security/advisories/GHSA-7mpf-6gg2-2fjp

x_refsource_CONFIRM

https://github.com/Krypto-Hashers-Community/KHC-INVITATION-AUTOMATION/commit/bc908a4ef538b24d4543ae95a413be6afa308bf5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.