CVE-2024-37154 Evmos allows unvested token delegations

2024-06-0619:04:08

CWE-285

GitHub_M

github.com

evmos

vulnerability

unvested tokens

delegations

employees

grantees

clawbackvestingaccount

cosmos network

ethereum virtual machine

18.1.0

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via ClawbackVestingAccount. This affects 18.1.0 and earlier.

CNA Affected

[
  {
    "vendor": "evmos",
    "product": "evmos",
    "versions": [
      {
        "version": "<= 18.1.0",
        "status": "affected"
      }
    ]
  }
]