CVE-2018-17111

{"id": "CVE-2018-17111", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-09-18T21:29:03.933", "references": [{"url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17111", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17111", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect."}, {"lang": "es", "value": "El modificador onlyOwner de una implementaci\u00f3n de contrato inteligente para Coinlancer (CL), un token de Ethereum ERC20, tiene una potencial vulnerabilidad de control de acceso. Todos los usuarios del contrato pueden acceder a funciones que emplean este modificador onlyOwner, debido a que la comparaci\u00f3n entre msg.sender y owner es incorrecta."}], "lastModified": "2024-11-21T03:53:54.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coinlancer:coinlancer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2318BB44-736A-460D-8489-BE159858474E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}