Description
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs.
References
- Product, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
Vulnerable configurations
Configuration 1: versions up to and including 2022-02-17
cpe:2.3:a:rigoblock:drago:*:*:*:*:*:*:*:*
EPSS: 0.00364 (percentile: 58%), Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-863
Related vulnerabilities
CVSS3: 7.5
github
almost 4 years ago
RigoBlock Dragos through 2022-02-17 lacks the onlyOwner modifier for setMultipleAllowances. This enables token manipulation, as exploited in the wild in February 2022. NOTE: although 2022-02-17 is the vendor's vulnerability announcement date, the vulnerability will not be remediated until a major protocol upgrade occurs.