Lucene search

[email protected]CVE-2024-37159

HistoryJun 17, 2024 - 2:15 p.m.

CVE-2024-37159

2024-06-1714:15:10

CWE-285

[email protected]

web.nvd.nist.gov

evmos

validator creation

vulnerability

cosmos network

fixed

18.0.0

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0.

Affected configurations

Vulners

Node

evmosevmosRange<18.0.0

CNA Affected

[
  {
    "vendor": "evmos",
    "product": "evmos",
    "versions": [
      {
        "version": "< 18.0.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/evmos/evmos/commit/b2a09ca66613d8b04decd3f2dcba8e1e77709dcb

github.com/evmos/evmos/security/advisories/GHSA-pxv8-qhrh-jc7v

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

3.7 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-37159

nvd1 cvelist1 veracode1 osv5