Search criteria
9 vulnerabilities found for ursa by hyperledger
FKIE_CVE-2024-22192
Vulnerability from fkie_nvd - Published: 2024-01-16 22:15 - Updated: 2024-11-21 08:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hyperledger | ursa | 0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hyperledger:ursa:0.1.0:*:*:*:*:rust:*:*",
"matchCriteriaId": "8997F554-6E18-4F21-B042-4954CD22436D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected."
},
{
"lang": "es",
"value": "Ursa es una librer\u00eda criptogr\u00e1fica para usar con blockchains. El esquema de revocaci\u00f3n que forma parte de las implementaciones de Ursa CL-Signatures tiene un fallo que podr\u00eda afectar las garant\u00edas de privacidad definidas por el modelo de credenciales verificables de AnonCreds. En particular, un verificador malicioso puede generar un identificador \u00fanico para un titular que proporcione una presentaci\u00f3n verificable que incluya una prueba de no revocaci\u00f3n. El impacto del fallo es que un verificador malicioso puede determinar un identificador \u00fanico para un titular que presenta una prueba de no revocaci\u00f3n. Ursa ha pasado al estado de fin de vida \u00fatil y no se espera ninguna soluci\u00f3n."
}
],
"id": "CVE-2024-22192",
"lastModified": "2024-11-21T08:55:45.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T22:15:46.220",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-21670
Vulnerability from fkie_nvd - Published: 2024-01-16 22:15 - Updated: 2024-11-21 08:54
Severity ?
6.5 (Medium) - CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hyperledger | ursa | 0.1.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hyperledger:ursa:0.1.0:*:*:*:*:rust:*:*",
"matchCriteriaId": "8997F554-6E18-4F21-B042-4954CD22436D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being \"not revoked\" when in fact, the holder\u0027s credential has been revoked. Ursa has moved to end-of-life status and no fix is expected."
},
{
"lang": "es",
"value": "Ursa es una librer\u00eda criptogr\u00e1fica para usar con blockchains. El esquema de revocaci\u00f3n que forma parte de las implementaciones de Ursa CL-Signatures tiene un fallo que podr\u00eda afectar las garant\u00edas de privacidad definidas por el modelo de credencial verificable de AnonCreds, permitiendo a un titular malicioso de una credencial revocada generar una prueba de no revocaci\u00f3n v\u00e1lida para esa credencial como parte de una presentaci\u00f3n de AnonCreds. Un verificador puede verificar que una credencial de un titular est\u00e1 \"not revoked\" cuando, en realidad, la credencial del titular ha sido revocada. Ursa ha pasado al estado de fin de vida \u00fatil y no se espera ninguna soluci\u00f3n."
}
],
"id": "CVE-2024-21670",
"lastModified": "2024-11-21T08:54:50.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.2,
"impactScore": 5.8,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T22:15:45.810",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-31021
Vulnerability from fkie_nvd - Published: 2024-01-16 22:15 - Updated: 2024-11-21 07:03
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3 | Vendor Advisory | |
| security-advisories@github.com | https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hyperledger | ursa | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hyperledger:ursa:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "63E49704-6855-45F1-894D-1CE5118D7D6F",
"versionEndExcluding": "0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected."
},
{
"lang": "es",
"value": "Ursa es una librer\u00eda criptogr\u00e1fica para usar con blockchains. Una debilidad en la especificaci\u00f3n Hyperledger AnonCreds que no se mitiga en las implementaciones Ursa y AnonCreds es que el Emisor no publica una prueba de correcci\u00f3n de clave que demuestre que una clave privada generada es suficiente para cumplir con las garant\u00edas de desvinculaci\u00f3n de AnonCreds. Las implementaciones Ursa y AnonCreds CL-Signatures siempre generan una clave privada suficiente. En teor\u00eda, un emisor malintencionado podr\u00eda crear una implementaci\u00f3n personalizada de CL Signature (derivada de las implementaciones Ursa o AnonCreds CL-Signatures) que utilice claves privadas debilitadas, de modo que los verificadores puedan compartir las presentaciones de los titulares con el emisor, quien podr\u00eda determinar a qu\u00e9 titular se se emiti\u00f3 la credencial. Esta vulnerabilidad podr\u00eda afectar a los titulares de credenciales de AnonCreds implementadas utilizando el esquema de firma CL en las implementaciones Ursa y AnonCreds de CL Signatures. El proyecto Ursa ha llegado al estado de fin de vida \u00fatil y no se espera ninguna soluci\u00f3n."
}
],
"id": "CVE-2022-31021",
"lastModified": "2024-11-21T07:03:43.770",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-16T22:15:37.080",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-829"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2024-22192 (GCVE-0-2024-22192)
Vulnerability from cvelistv5 – Published: 2024-01-16 21:44 – Updated: 2025-06-16 19:46
VLAI?
Summary
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hyperledger-archives | ursa |
Affected:
<= 0.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T19:57:42.792215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T19:46:20.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ursa",
"vendor": "hyperledger-archives",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:44:53.121Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g"
}
],
"source": {
"advisory": "GHSA-6698-mhxx-r84g",
"discovery": "UNKNOWN"
},
"title": "Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22192",
"datePublished": "2024-01-16T21:44:53.121Z",
"dateReserved": "2024-01-08T04:59:27.370Z",
"dateUpdated": "2025-06-16T19:46:20.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21670 (GCVE-0-2024-21670)
Vulnerability from cvelistv5 – Published: 2024-01-16 21:44 – Updated: 2024-08-01 22:27
VLAI?
Summary
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hyperledger-archives | ursa |
Affected:
<= 0.3.7
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hyperledger:ursa:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ursa",
"vendor": "hyperledger",
"versions": [
{
"lessThanOrEqual": "0.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T20:46:39.280934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:45.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ursa",
"vendor": "hyperledger-archives",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being \"not revoked\" when in fact, the holder\u0027s credential has been revoked. Ursa has moved to end-of-life status and no fix is expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:44:05.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4"
}
],
"source": {
"advisory": "GHSA-r78f-4q2q-hvv4",
"discovery": "UNKNOWN"
},
"title": "CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21670",
"datePublished": "2024-01-16T21:44:05.572Z",
"dateReserved": "2023-12-29T16:10:20.368Z",
"dateUpdated": "2024-08-01T22:27:35.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31021 (GCVE-0-2022-31021)
Vulnerability from cvelistv5 – Published: 2024-01-16 21:35 – Updated: 2025-06-02 15:08
VLAI?
Summary
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.
Severity ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hyperledger | ursa |
Affected:
<= 0.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3"
},
{
"name": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:11:37.077048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:08:17.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ursa",
"vendor": "hyperledger",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:35:31.306Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3"
},
{
"name": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf"
}
],
"source": {
"advisory": "GHSA-2q6j-gqc4-4gw3",
"discovery": "UNKNOWN"
},
"title": "Unlinkability broken in ursa when verifiers use malicious keys"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31021",
"datePublished": "2024-01-16T21:35:31.306Z",
"dateReserved": "2022-05-18T18:37:25.395Z",
"dateUpdated": "2025-06-02T15:08:17.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22192 (GCVE-0-2024-22192)
Vulnerability from nvd – Published: 2024-01-16 21:44 – Updated: 2025-06-16 19:46
VLAI?
Summary
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hyperledger-archives | ursa |
Affected:
<= 0.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T19:57:42.792215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T19:46:20.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ursa",
"vendor": "hyperledger-archives",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:44:53.121Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g"
}
],
"source": {
"advisory": "GHSA-6698-mhxx-r84g",
"discovery": "UNKNOWN"
},
"title": "Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22192",
"datePublished": "2024-01-16T21:44:53.121Z",
"dateReserved": "2024-01-08T04:59:27.370Z",
"dateUpdated": "2025-06-16T19:46:20.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21670 (GCVE-0-2024-21670)
Vulnerability from nvd – Published: 2024-01-16 21:44 – Updated: 2024-08-01 22:27
VLAI?
Summary
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
Severity ?
6.5 (Medium)
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hyperledger-archives | ursa |
Affected:
<= 0.3.7
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hyperledger:ursa:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ursa",
"vendor": "hyperledger",
"versions": [
{
"lessThanOrEqual": "0.3.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T20:46:39.280934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:37:45.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:27:35.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ursa",
"vendor": "hyperledger-archives",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being \"not revoked\" when in fact, the holder\u0027s credential has been revoked. Ursa has moved to end-of-life status and no fix is expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:44:05.572Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4"
}
],
"source": {
"advisory": "GHSA-r78f-4q2q-hvv4",
"discovery": "UNKNOWN"
},
"title": "CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-21670",
"datePublished": "2024-01-16T21:44:05.572Z",
"dateReserved": "2023-12-29T16:10:20.368Z",
"dateUpdated": "2024-08-01T22:27:35.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31021 (GCVE-0-2022-31021)
Vulnerability from nvd – Published: 2024-01-16 21:35 – Updated: 2025-06-02 15:08
VLAI?
Summary
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.
Severity ?
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| hyperledger | ursa |
Affected:
<= 0.3.7
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3"
},
{
"name": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31021",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:11:37.077048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:08:17.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ursa",
"vendor": "hyperledger",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.3.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T21:35:31.306Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3"
},
{
"name": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdf"
}
],
"source": {
"advisory": "GHSA-2q6j-gqc4-4gw3",
"discovery": "UNKNOWN"
},
"title": "Unlinkability broken in ursa when verifiers use malicious keys"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31021",
"datePublished": "2024-01-16T21:35:31.306Z",
"dateReserved": "2022-05-18T18:37:25.395Z",
"dateUpdated": "2025-06-02T15:08:17.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}