Vulnerability Details CVE-2020-5232
A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.8%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 4.9
References
- https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf
- https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h
- https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf
- https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h
Products affected by CVE-2020-5232
-
cpe:2.3:a:ens.domains:ethereum_name_service:-
-
cpe:2.3:a:ens.domains:ethereum_name_service:0.0.21
-
cpe:2.3:a:ens.domains:ethereum_name_service:0.0.22