Lucene search

Veracode Vulnerability DatabaseVERACODE:47460

HistoryJun 11, 2024 - 6:06 a.m.

Improper Authorization

2024-06-1106:06:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

evmos

vulnerability

authorization

tokens

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

github.com/evmos/evmos is vulnerable to Improper Authorization. The vulnerability is due to the absence of proper checks to prevent the delegation of unvested tokens, which enables attackers to prematurely access and utilize these tokens in ways not intended by the vesting agreements.

CPENameOperatorVersion
github.com/evmos/evmoslev18.0.0
github.com/evmos/evmoslev18.0.0

CPE	Name	Operator	Version
	github.com/evmos/evmos	le	v18.0.0
	github.com/evmos/evmos	le	v18.0.0

References

github.com/evmos/evmos/security/advisories/GHSA-7hrh-v6wp-53vw

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VERACODE:47460