CVE-2020-5232
HIGH
ENS Domains < 0.1.0 and ensdomains/ens < 0.4.0 - Improper Authorization via Ownership Transfer Trapdoor
Title source: llm
Description
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user and later regain ownership without the new owner's consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.
References (2)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h
Patch, Third Party Advisory x_refsource_misc
https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf
Scores
CVSS v3
8.7
EPSS
0.0118
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-285
Status
published
Products (2)
ens.domains/ethereum_name_service
< 0.1.0
ensdomains/ens
0 - 0.4.0 (npm)
Published
Jan 31, 2020
Tracked Since
Feb 18, 2026