Lucene search

K
githubGitHub Advisory DatabaseGHSA-399H-CMVP-QGX5
HistoryJun 29, 2021 - 9:32 p.m.

Incorrect Default Permissions in Binance tss-lib

2021-06-2921:32:11
CWE-276
GitHub Advisory Database
github.com
37

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties.

Specific Go Packages Affected

github.com/binance-chain/tss-lib/ecdsa/keygen

Affected configurations

Vulners
Node
github_advisory_databasegithub.com\/binance-chain\/tss-libRange<1.2.0

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

51.3%

Related for GHSA-399H-CMVP-QGX5