add CVE-2020-5232 for GHSA-8f9f-pc5v-9r5h

2025-08-04 08:44:25 +00:00 · 2020-01-30 16:52:58 -07:00 · 2020-01-30 16:52:58 -07:00 · 765f2a7e99
commit 765f2a7e99
parent a9dc41cec3
1 changed files with 76 additions and 6 deletions
--- a/2020/5xxx/CVE-2020-5232.json
+++ b/2020/5xxx/CVE-2020-5232.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5232",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Ethereum Name Service - Malicious takeover of previously owned ENS names"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "@ensdomains/ens",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 0.4.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ensdomains"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness.\n\nA new ENS deployment is being rolled out that fixes this vulnerability in the ENS registry."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 8.7,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-285: Improper Authorization"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/ensdomains/ens/security/advisories/GHSA-8f9f-pc5v-9r5h"
+            },
+            {
+                "name": "https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf",
+                "refsource": "MISC",
+                "url": "https://github.com/ensdomains/ens/commit/36e10e71fcddcade88646821e0a57cc6c19e1ecf"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-8f9f-pc5v-9r5h",
+        "discovery": "UNKNOWN"
    }
 }