← Retour aux CVEs

CVE-2021-39167

CRITICAL

10.0

Description

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role from accounts not strictly under the team's control. We recommend revoking all executors that are not also proposers. When applying this mitigation, ensure there is at least one proposer and executor remaining.

Details CVE

Score CVSS v3.110.0

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie8/27/2021

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

openzeppelin:contracts

Faiblesses (CWE)

CWE-269CWE-269

References

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431(security-advisories@github.com)

https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5(security-advisories@github.com)

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr(security-advisories@github.com)

https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/CHANGELOG.md#431(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/OpenZeppelin/openzeppelin-contracts/commit/cec4f2ef57495d8b1742d62846da212515d99dd5(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-fg47-3c2x-m2wr(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.