CVE-2024-37154 Evmos allows unvested token delegations

2024-06-0619:04:08

CWE-285

GitHub_M

www.cve.org

evmos

ethereum virtual machine

cosmos network

token delegations

clawbackvestingaccount

vulnerability

18.1.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier.

CNA Affected

[
  {
    "vendor": "evmos",
    "product": "evmos",
    "versions": [
      {
        "version": "<= 18.1.0",
        "status": "affected"
      }
    ]
  }
]