Vulnerabilities > CVE-2022-47547 - Improper Preservation of Permissions vulnerability in Protocol Gossipsub 1.1

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

protocol

CWE-281

NVD

Published: 2022-12-19

Updated: 2023-01-04

Summary

GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.

Vulnerable Configurations

Part	Description	Count
Application	Protocol Protocol Gossipsub 1.1	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://arxiv.org/pdf/2212.05197.pdf