CVE-2024-37159 LOW

CVE-2024-37159: Evmos is missing create validator check

Vendor Evmos

Product evmos

Weakness CWE-285

Published June 17, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. This vulnerability allowed a user to create a validator using vested tokens to deposit the self-bond. This vulnerability is fixed in 18.0.0.

Key dates

02Disclosure timeline

June 17, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-37159

Related vulnerabilities

04Related CVE

CVE-2025-13576 code-projects Blog Site admin.php improper authorization CVE-2024-32881 Unauthorized access to GET/SET of Slack Bot Tokens in Danswer CVE-2026-10269 decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization CVE-2020-3386 Cisco Data Center Network Manager Improper Authorization Vulnerability CVE-2026-1894 WeKan REST API checklistItems.js Checklist REST Bleed improper authorization