How severe is CVE-2024-39696?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2024-39696?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2024-39696 - HIGH Severity | CVSS 8.1

Vulnerability Description

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user can create a vesting account with a 3rd party account (EOA or contract) as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization checked in the code. But the funds are taken from the funder address provided in the message. Consequently, the user can fund a vesting account with a 3rd party account without its permission. The funder address can be any address, so this vulnerability can be used to drain all the accounts in the chain. The issue has been patched in version 19.0.0.

Related Vulnerabilities

CVE-2013-4862

HIGH

CVSS:8.1(High)

MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) o...

CWE-8632013

CVE-2014-7914

HIGH

CVSS:8.1(High)

btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via c...

CWE-8632014

CVE-2017-3891

HIGH

CVSS:8.1(High)

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QN...

CWE-8632017

CVE-2018-1000197

HIGH

CVSS:8.1(High)

An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Bla...

CWE-8632018

CVE-2019-7639

HIGH

CVSS:8.1(High)

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect passwo...

CWE-8632019

CVE-2020-15110

HIGH

CVSS:8.1(High)

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. Th...

CWE-8632020