CVE-2018-12056

{"id": "CVE-2018-12056", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2018-08-15T17:29:00.610", "references": [{"url": "https://lists.apache.org/thread.html/a62aa2706105d68f1c02023fe24aaa3c13b4d8a1826181fed07d9682%40%3Cnotifications.zookeeper.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://medium.com/%40jonghyk.song/to-be-a-winner-of-ethereum-gambling-game-all-for-one-by-breaking-prng-1ab011163d40", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-338"}]}], "descriptions": [{"lang": "en", "value": "The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards."}, {"lang": "es", "value": "La funci\u00f3n maxRandom de la implementaci\u00f3n de contrato inteligente para All For One, un juego de apuestas de Ethereum, genera un valor aleatorio con variables legibles p\u00fablicamente porque se puede recuperar el valor _seed con una llamada getStorageAt. Por lo tanto, permite que los atacantes siempre ganen y obtengan premios."}], "lastModified": "2023-11-07T02:52:01.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:all-for-one:all_for_one:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9DA85DC-8AAF-42C1-9199-5824B1332F16"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}