Auto-merge PR#3169

2025-08-04 08:44:25 +00:00 · 2020-01-30 18:55:19 -05:00 · 2020-01-30 18:55:19 -05:00 · 4c666110a8
commit 4c666110a8
parent 8f9423062c 765f2a7e99
1 changed files with 76 additions and 6 deletions
--- a/2020/5xxx/CVE-2020-5232.json
+++ b/2020/5xxx/CVE-2020-5232.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5232",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Ethereum Name Service - Malicious takeover of previously owned ENS names"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "@ensdomains/ens",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 0.4.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ensdomains"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness.\n\nA new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 8.7,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-285: Improper Authorization"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h"
+            },
+            {
+                "name": "https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf",
+                "refsource": "MISC",
+                "url": "https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-8f9f-pc5v-9r5h",
+        "discovery": "UNKNOWN"
    }
 }