CVE-2018-17111

EUVD-2018-8889
The onlyOwner modifier of a smart contract implementation for Coinlancer (CL), an Ethereum ERC20 token, has a potential access control vulnerability. All contract users can access functions that use this onlyOwner modifier, because the comparison between msg.sender and owner is incorrect.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
coinlancercoinlancer
-
𝑥
= Vulnerable software versions
References
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17111
https://github.com/TEAM-C4B/CVE-LIST/tree/master/CVE-2018-17111