CVE-2020-5232

Опубликовано: 31 янв. 2020

Источник: nvd

CVSS3: 8.7

CVSS2: 4.9

EPSS Низкий

Описание

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.

Ссылки

https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf
Patch
Third Party Advisory
https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h
Third Party Advisory
https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf
Patch
Third Party Advisory
https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ens.domains:ethereum_name_service:*:*:*:*:*:*:*:*

Версия до 0.1.0 (включая)

EPSS

Процентиль: 50%

0.00269

Низкий

8.7 High

CVSS3

4.9 Medium

CVSS2

Дефекты

CWE-285

NVD-CWE-Other

Связанные уязвимости

GHSA-8f9f-pc5v-9r5h