CVE-2024-37154
MEDIUM
evmos - Improper Authorization in ClawbackVestingAccount
Title source: llm
Description
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and earlier.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/evmos/evmos/security/advisories/GHSA-7hrh-v6wp-53vw
Scores
CVSS v3
5.3
EPSS
0.0038
EPSS Percentile
29.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-285
CWE-863
Status
published
Products (2)
evmos/evmos
evmos/evmos
0 (13 CPE variants)
Go
Published
Jun 06, 2024
Tracked Since
Feb 18, 2026