How severe is CVE-2023-34234?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-34234?

This is classified as CWE-862, which is a common weakness in software security.

CVE-2023-34234 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the `Governor` contract in v4.9.0 only, and the `GovernorCompatibilityBravo` contract since v4.3.0. This problem has been patched in 4.9.1 by introducing opt-in frontrunning protection. Users are advised to upgrade. Users unable to upgrade may submit the proposal creation transaction to an endpoint with frontrunning protection as a workaround.

Related Vulnerabilities

CVE-2017-1000105

MEDIUM

CVSS:5.3(Medium)

The optional Run/Artifacts permission can be enabled by setting a Java system property. Blue Ocean did not check this permission before providing access to archived artifacts, Item/Read permission was...

CWE-8622017

CVE-2017-8217

MEDIUM

CVSS:5.3(Medium)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface.

CWE-8622017

CVE-2018-1000022

MEDIUM

CVSS:5.3(Medium)

Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to version 3.0.5 contains a Missing Authorization vulnerability in JSONRPC interface that can result in Bitcoin theft, if the user's wa...

CWE-8622018

CVE-2018-10207

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted...

CWE-8622018

CVE-2018-18004

MEDIUM

CVSS:5.3(Medium)

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL paramet...

CWE-8622018

CVE-2018-21257

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.

CWE-8622018