CVE-2024-45304
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-45304 affects Cairo-Contracts developed by OpenZeppelin for the Starknet decentralized ZK Rollup platform, allowing unauthorized ownership transfers when the original owner renounces ownership. This vulnerability permits an unintended party to gain control of a contract, posing a significant security risk if exploited by a malicious actor who could simulate relinquishing ownership to reclaim it later. The issue has been addressed in release version 0.16.0, and all users are strongly advised to upgrade, as there are no known workarounds available. The exploitability of this vulnerability is rated as medium, with a base score of 5.3 and high integrity impact. Organizations utilizing affected products should prioritize remediation to mitigate potential risks associated with unauthorized control over smart contracts.