cvelistv5 - cve-2022-31020

CVE-2022-31020 (GCVE-0-2022-31020)

Vulnerability from cvelistv5 – Published: 2022-09-06 16:30 – Updated: 2025-04-23 17:14

Summary

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication
CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/hyperledger/indy-node/security…	x_refsource_CONFIRM
	https://github.com/hyperledger/indy-node/commit/f…	x_refsource_MISC
	https://github.com/hyperledger/indy-node/releases…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	hyperledger	indy-node	Affected: <= 1.12.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:49:58.564323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:14:59.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "indy-node",
          "vendor": "hyperledger",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.12.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-06T16:30:19.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
        }
      ],
      "source": {
        "advisory": "GHSA-r6v9-p59m-gj2p",
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution in Indy\u0027s NODE_UPGRADE transaction",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31020",
          "STATE": "PUBLIC",
          "TITLE": "Remote code execution in Indy\u0027s NODE_UPGRADE transaction"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "indy-node",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.12.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "hyperledger"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p",
              "refsource": "CONFIRM",
              "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
            },
            {
              "name": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5",
              "refsource": "MISC",
              "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
            },
            {
              "name": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5",
              "refsource": "MISC",
              "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-r6v9-p59m-gj2p",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31020",
    "datePublished": "2022-09-06T16:30:19.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:14:59.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:indy-node:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.12.4\", \"matchCriteriaId\": \"D7BDE3C0-0C97-4373-9BA4-EB3A9D1D177D\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.\"}, {\"lang\": \"es\", \"value\": \"Indy Node es la parte del servidor de un libro mayor distribuido construido para la identidad descentralizada. En versiones 1.12.4 y anteriores, el administrador de peticiones \\\"pool-upgrade\\\" de Indy-Node permite a un atacante autenticado ejecutar c\\u00f3digo de forma remota en nodos de la red. El administrador de peticiones \\\"pool-upgrade\\\" en Indy-Node versi\\u00f3n 1.12.5, ha sido actualizado para autenticar apropiadamente las transacciones de pool-upgrade antes de que el administrador de peticiones las lleve a cabo. Las transacciones son saneadas adem\\u00e1s para evitar una ejecuci\\u00f3n de c\\u00f3digo remota. Como mitigaci\\u00f3n, los endosantes no deber\\u00edan crear DIDs para usuarios no confiables. Un libro mayor vulnerable deber\\u00eda configurar \\\"auth_rules\\\" para evitar que sean escritos nuevos DID en el libro mayor hasta que la red pueda ser actualizada.\\n\"}]",
      "id": "CVE-2022-31020",
      "lastModified": "2024-11-21T07:03:43.660",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-09-06T17:15:08.220",
      "references": "[{\"url\": \"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}, {\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-31020\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-09-06T17:15:08.220\",\"lastModified\":\"2024-11-21T07:03:43.660\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.\"},{\"lang\":\"es\",\"value\":\"Indy Node es la parte del servidor de un libro mayor distribuido construido para la identidad descentralizada. En versiones 1.12.4 y anteriores, el administrador de peticiones \\\"pool-upgrade\\\" de Indy-Node permite a un atacante autenticado ejecutar c\u00f3digo de forma remota en nodos de la red. El administrador de peticiones \\\"pool-upgrade\\\" en Indy-Node versi\u00f3n 1.12.5, ha sido actualizado para autenticar apropiadamente las transacciones de pool-upgrade antes de que el administrador de peticiones las lleve a cabo. Las transacciones son saneadas adem\u00e1s para evitar una ejecuci\u00f3n de c\u00f3digo remota. Como mitigaci\u00f3n, los endosantes no deber\u00edan crear DIDs para usuarios no confiables. Un libro mayor vulnerable deber\u00eda configurar \\\"auth_rules\\\" para evitar que sean escritos nuevos DID en el libro mayor hasta que la red pueda ser actualizada.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"},{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:indy-node:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.12.4\",\"matchCriteriaId\":\"D7BDE3C0-0C97-4373-9BA4-EB3A9D1D177D\"}]}]}],\"references\":[{\"url\":\"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T07:03:40.339Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-31020\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T15:49:58.564323Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T15:50:00.478Z\"}}], \"cna\": {\"title\": \"Remote code execution in Indy\u0027s NODE_UPGRADE transaction\", \"source\": {\"advisory\": \"GHSA-r6v9-p59m-gj2p\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"hyperledger\", \"product\": \"indy-node\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 1.12.4\"}]}], \"references\": [{\"url\": \"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-287\", \"description\": \"CWE-287: Improper Authentication\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-09-06T16:30:19.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"GHSA-r6v9-p59m-gj2p\", \"discovery\": \"UNKNOWN\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"\u003c= 1.12.4\"}]}, \"product_name\": \"indy-node\"}]}, \"vendor_name\": \"hyperledger\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\", \"name\": \"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\", \"name\": \"https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5\", \"refsource\": \"MISC\"}, {\"url\": \"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\", \"name\": \"https://github.com/hyperledger/indy-node/releases/tag/v1.12.5\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-287: Improper Authentication\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20: Improper Input Validation\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-31020\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Remote code execution in Indy\u0027s NODE_UPGRADE transaction\", \"ASSIGNER\": \"security-advisories@github.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-31020\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T17:14:59.072Z\", \"dateReserved\": \"2022-05-18T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-09-06T16:30:19.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-R6V9-P59M-GJ2P

Vulnerability from github – Published: 2022-09-02 21:55 – Updated: 2024-11-18 16:26

Summary

Indy's NODE_UPGRADE transaction vulnerable to remote code execution

Details

Impact

The pool-upgrade request handler in Indy-Node <=1.12.4 allows an improperly authenticated attacker to remotely execute code on nodes within the network.

Network operators are strongly encouraged to upgrade to the latest Indy-Node release >=1.12.5 as soon as possible.

Patches

The pool-upgrade request handler in Indy-Node >=1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution.

Mitigations

Network operators are strongly encouraged to upgrade to the latest Indy-Node release >=1.12.5 as soon as possible.

Acknowledgements

Thank you to @shakreiner at CyberArk Labs for finding and responsibly disclosing this issue.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "indy-node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.5rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-02T21:55:20Z",
    "nvd_published_at": "2022-09-06T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe `pool-upgrade` request handler in Indy-Node `\u003c=1.12.4` allows an improperly authenticated attacker to remotely execute code on nodes within the network.\n\nNetwork operators are strongly encouraged to upgrade to the latest Indy-Node release `\u003e=1.12.5` as soon as possible.\n\n### Patches\n\nThe `pool-upgrade` request handler in Indy-Node `\u003e=1.12.5` has been updated to properly authenticate `pool-upgrade` transactions before any processing is performed by the request handler.  The transactions are further sanitized to prevent remote code execution.\n\n### Mitigations\n\nNetwork operators are strongly encouraged to upgrade to the latest Indy-Node release `\u003e=1.12.5` as soon as possible.\n\n### Acknowledgements\nThank you to @shakreiner at CyberArk Labs for finding and responsibly disclosing this issue.",
  "id": "GHSA-r6v9-p59m-gj2p",
  "modified": "2024-11-18T16:26:27Z",
  "published": "2022-09-02T21:55:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31020"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperledger/indy-node"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2022-265.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Indy\u0027s NODE_UPGRADE transaction vulnerable to remote code execution"
}

FKIE_CVE-2022-31020

Vulnerability from fkie_nvd - Published: 2022-09-06 17:15 - Updated: 2024-11-21 07:03

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/hyperledger/indy-node/releases/tag/v1.12.5	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hyperledger/indy-node/releases/tag/v1.12.5	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p	Third Party Advisory

Impacted products

	Vendor	Product	Version
	linuxfoundation	indy-node	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:indy-node:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BDE3C0-0C97-4373-9BA4-EB3A9D1D177D",
              "versionEndIncluding": "1.12.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
    },
    {
      "lang": "es",
      "value": "Indy Node es la parte del servidor de un libro mayor distribuido construido para la identidad descentralizada. En versiones 1.12.4 y anteriores, el administrador de peticiones \"pool-upgrade\" de Indy-Node permite a un atacante autenticado ejecutar c\u00f3digo de forma remota en nodos de la red. El administrador de peticiones \"pool-upgrade\" en Indy-Node versi\u00f3n 1.12.5, ha sido actualizado para autenticar apropiadamente las transacciones de pool-upgrade antes de que el administrador de peticiones las lleve a cabo. Las transacciones son saneadas adem\u00e1s para evitar una ejecuci\u00f3n de c\u00f3digo remota. Como mitigaci\u00f3n, los endosantes no deber\u00edan crear DIDs para usuarios no confiables. Un libro mayor vulnerable deber\u00eda configurar \"auth_rules\" para evitar que sean escritos nuevos DID en el libro mayor hasta que la red pueda ser actualizada.\n"
    }
  ],
  "id": "CVE-2022-31020",
  "lastModified": "2024-11-21T07:03:43.660",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-09-06T17:15:08.220",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2022-31020

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-31020

Aliases

CVE-2022-31020

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-31020",
    "description": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.",
    "id": "GSD-2022-31020"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-31020"
      ],
      "details": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.",
      "id": "GSD-2022-31020",
      "modified": "2023-12-13T01:19:17.504607Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-31020",
        "STATE": "PUBLIC",
        "TITLE": "Remote code execution in Indy\u0027s NODE_UPGRADE transaction"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "indy-node",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c= 1.12.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "hyperledger"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-287: Improper Authentication"
              }
            ]
          },
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p",
            "refsource": "CONFIRM",
            "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
          },
          {
            "name": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5",
            "refsource": "MISC",
            "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
          },
          {
            "name": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5",
            "refsource": "MISC",
            "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-r6v9-p59m-gj2p",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c=1.12.4",
          "affected_versions": "All versions up to 1.12.4",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-287",
            "CWE-937",
            "CWE-78"
          ],
          "date": "2022-09-13",
          "description": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.",
          "fixed_versions": [
            "1.12.5"
          ],
          "identifier": "CVE-2022-31020",
          "identifiers": [
            "CVE-2022-31020",
            "GHSA-r6v9-p59m-gj2p",
            "GMS-2022-4013"
          ],
          "not_impacted": "All versions after 1.12.4",
          "package_slug": "pypi/indy-node",
          "pubdate": "2022-09-06",
          "solution": "Upgrade to version 1.12.5 or above.",
          "title": "Improper Authentication",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-31020",
            "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5",
            "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p",
            "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5",
            "https://github.com/advisories/GHSA-r6v9-p59m-gj2p"
          ],
          "uuid": "0ec882dd-f810-4297-a017-d3c055b94c27"
        },
        {
          "affected_range": "\u003c0",
          "affected_versions": "All versions up to 1.12.4",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-09-02",
          "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027) in indy-node.",
          "fixed_versions": [
            "1.12.5"
          ],
          "identifier": "GMS-2022-4013",
          "identifiers": [
            "GHSA-r6v9-p59m-gj2p",
            "GMS-2022-4013",
            "CVE-2022-31020"
          ],
          "not_impacted": "All versions after 1.12.4",
          "package_slug": "pypi/indy-node",
          "pubdate": "2022-09-02",
          "solution": "Upgrade to version 1.12.5 or above.",
          "title": "Duplicate of ./pypi/indy-node/CVE-2022-31020.yml",
          "urls": [
            "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p",
            "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5",
            "https://github.com/advisories/GHSA-r6v9-p59m-gj2p"
          ],
          "uuid": "c43e1cf8-2918-4658-89b2-5ad70e868a26"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:linuxfoundation:indy-node:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.12.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31020"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                },
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
            },
            {
              "name": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
            },
            {
              "name": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-09-13T14:23Z",
      "publishedDate": "2022-09-06T17:15Z"
    }
  }
}

PYSEC-2022-265

Vulnerability from pysec - Published: 2022-09-06 17:15 - Updated: 2022-09-13 17:01

Details

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure auth_rules to prevent new DIDs from being written to the ledger until the network can be upgraded.

Impacted products

Name	purl
indy-node	pkg:pypi/indy-node

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "indy-node",
        "purl": "pkg:pypi/indy-node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "fe507474f77084faef4539101e2bbb4d508a97f5"
            }
          ],
          "repo": "https://github.com/hyperledger/indy-node",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.5rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1.dev38",
        "0.0.1.dev40",
        "0.0.12",
        "0.0.2",
        "0.0.20",
        "0.0.21",
        "0.0.22",
        "0.0.23",
        "0.0.24",
        "0.0.25",
        "0.0.28",
        "0.0.3",
        "0.0.30",
        "0.0.31",
        "0.0.32",
        "0.0.4",
        "0.4.27",
        "1.0.28",
        "1.0.29",
        "1.1.1",
        "1.1.30",
        "1.1.31",
        "1.1.32",
        "1.1.33",
        "1.1.34",
        "1.1.35",
        "1.1.36",
        "1.1.37",
        "1.1.38",
        "1.1.39",
        "1.1.40",
        "1.1.41",
        "1.1.42",
        "1.1.43",
        "1.10.0",
        "1.10.0.dev1070",
        "1.10.0.dev1071",
        "1.10.0.dev1072",
        "1.10.0.dev1073",
        "1.10.0.dev1074",
        "1.10.0.dev1075",
        "1.10.0.dev1076",
        "1.10.0.dev1077",
        "1.10.0.dev1078",
        "1.10.0.dev1079",
        "1.10.0.dev1080",
        "1.10.0.dev1081",
        "1.10.0.dev1082",
        "1.10.0.dev1083",
        "1.10.0.dev1084",
        "1.10.0.dev1085",
        "1.10.0.dev1086",
        "1.10.0.dev1087",
        "1.10.0.dev1088",
        "1.10.0.dev1089",
        "1.10.0.dev1090",
        "1.10.0.dev1091",
        "1.10.0.dev1092",
        "1.10.0.dev1093",
        "1.10.0.dev1094",
        "1.10.0.dev1095",
        "1.10.0.dev1096",
        "1.10.0.dev1097",
        "1.10.0.dev1098",
        "1.10.0rc1",
        "1.11.0",
        "1.11.0.dev1099",
        "1.11.0.dev1100",
        "1.11.0.dev1101",
        "1.11.0.dev1102",
        "1.11.0.dev1103",
        "1.11.0.dev1104",
        "1.11.0.dev1105",
        "1.11.0.dev1106",
        "1.11.0.dev1107",
        "1.11.0.dev1108",
        "1.11.0.dev1109",
        "1.11.0.dev1110",
        "1.11.0.dev1111",
        "1.11.0.dev1112",
        "1.11.0.dev1113",
        "1.11.0.dev1114",
        "1.11.0.dev1115",
        "1.11.0.dev1116",
        "1.11.0.dev1117",
        "1.11.0.dev1118",
        "1.11.0.dev1119",
        "1.11.0.dev1120",
        "1.11.0.dev1121",
        "1.11.0.dev1122",
        "1.11.0.dev1123",
        "1.11.0rc1",
        "1.12.0",
        "1.12.0.dev1124",
        "1.12.0.dev1125",
        "1.12.0.dev1126",
        "1.12.0.dev1127",
        "1.12.0.dev1128",
        "1.12.0.dev1129",
        "1.12.0.dev1130",
        "1.12.0.dev1131",
        "1.12.0.dev1132",
        "1.12.0.dev1133",
        "1.12.0.dev1134",
        "1.12.0.dev1135",
        "1.12.0.dev1136",
        "1.12.0.dev1137",
        "1.12.0.dev1138",
        "1.12.0.dev1139",
        "1.12.0.dev1140",
        "1.12.0.dev1141",
        "1.12.0.dev1142",
        "1.12.0.dev1143",
        "1.12.0.dev1144",
        "1.12.0.dev1145",
        "1.12.0rc1",
        "1.12.1",
        "1.12.1.dev1146",
        "1.12.1.dev1147",
        "1.12.1.dev1148",
        "1.12.1.dev1149",
        "1.12.1.dev1150",
        "1.12.1.dev1151",
        "1.12.1.dev1152",
        "1.12.1.dev1153",
        "1.12.1.dev1154",
        "1.12.1.dev1155",
        "1.12.1.dev1156",
        "1.12.1.dev1157",
        "1.12.1.dev1158",
        "1.12.1.dev1159",
        "1.12.1.dev1160",
        "1.12.1.dev1161",
        "1.12.1.dev1162",
        "1.12.1.dev1163",
        "1.12.1.dev1164",
        "1.12.1.dev1165",
        "1.12.1.dev1166",
        "1.12.1.dev1167",
        "1.12.1.dev1168",
        "1.12.1.dev1169",
        "1.12.1.dev1170",
        "1.12.1.dev1171",
        "1.12.1.dev1172",
        "1.12.1.dev1173",
        "1.12.1.dev1174",
        "1.12.1.dev1175",
        "1.12.1.dev1176",
        "1.12.1.dev1177",
        "1.12.1.dev1178",
        "1.12.1.dev1179",
        "1.12.1rc1",
        "1.12.2",
        "1.12.2.dev1180",
        "1.12.2.dev1181",
        "1.12.2.dev1182",
        "1.12.2.dev1183",
        "1.12.2.dev1184",
        "1.12.2.dev1185",
        "1.12.2.dev1186",
        "1.12.2.dev1187",
        "1.12.2.dev1188",
        "1.12.2.dev1189",
        "1.12.2.dev1190",
        "1.12.2.dev1191",
        "1.12.2.dev1192",
        "1.12.2.dev1193",
        "1.12.2.dev1194",
        "1.12.2.dev1195",
        "1.12.2rc1",
        "1.12.3",
        "1.12.3rc1",
        "1.12.4",
        "1.12.4rc1",
        "1.2.44",
        "1.2.45",
        "1.2.46",
        "1.2.47",
        "1.2.48",
        "1.2.49",
        "1.2.50",
        "1.3.51",
        "1.3.52",
        "1.3.53",
        "1.3.54",
        "1.3.55",
        "1.3.56",
        "1.3.57",
        "1.3.58",
        "1.3.59",
        "1.3.60",
        "1.3.61",
        "1.3.62",
        "1.4.63",
        "1.4.64",
        "1.4.65",
        "1.4.66",
        "1.5.67",
        "1.5.68",
        "1.6.69",
        "1.6.70",
        "1.6.71",
        "1.6.72",
        "1.6.73",
        "1.6.74",
        "1.6.75",
        "1.6.76",
        "1.6.77",
        "1.6.78",
        "1.6.79",
        "1.6.80",
        "1.6.81",
        "1.6.82",
        "1.6.83",
        "1.7.0",
        "1.7.0.dev878",
        "1.7.0.dev879",
        "1.7.0.dev880",
        "1.7.0.dev881",
        "1.7.0.dev882",
        "1.7.0.dev883",
        "1.7.0.dev884",
        "1.7.0.dev885",
        "1.7.0.dev886",
        "1.7.0.dev887",
        "1.7.0.dev888",
        "1.7.0.dev889",
        "1.7.0.dev890",
        "1.7.0.dev891",
        "1.7.0.dev892",
        "1.7.0.dev893",
        "1.7.0.dev894",
        "1.7.0.dev895",
        "1.7.0.dev896",
        "1.7.0.dev897",
        "1.7.0.dev898",
        "1.7.0.dev899",
        "1.7.0.dev900",
        "1.7.0.dev901",
        "1.7.0.dev902",
        "1.7.0.dev903",
        "1.7.0.dev904",
        "1.7.0.dev905",
        "1.7.0.dev906",
        "1.7.0.dev907",
        "1.7.0.dev908",
        "1.7.0.dev909",
        "1.7.0.dev910",
        "1.7.0.dev911",
        "1.7.0.dev912",
        "1.7.0.dev913",
        "1.7.0.dev914",
        "1.7.1",
        "1.8.0",
        "1.8.0.dev915",
        "1.8.0.dev916",
        "1.8.0.dev917",
        "1.8.0.dev918",
        "1.8.0.dev919",
        "1.8.0.dev920",
        "1.8.0.dev921",
        "1.8.0.dev922",
        "1.8.0.dev923",
        "1.8.0.dev924",
        "1.8.0.dev925",
        "1.8.0.dev926",
        "1.8.0.dev927",
        "1.8.0.dev928",
        "1.8.0.dev929",
        "1.8.0.dev930",
        "1.8.0.dev931",
        "1.8.0.dev932",
        "1.8.0.dev933",
        "1.8.0.dev934",
        "1.8.0.dev935",
        "1.8.0.dev936",
        "1.8.0.dev937",
        "1.8.0.dev938",
        "1.8.0.dev939",
        "1.8.0.dev940",
        "1.8.0.dev941",
        "1.8.0.dev942",
        "1.8.0.dev943",
        "1.8.0.dev944",
        "1.8.0.dev945",
        "1.8.0.dev946",
        "1.8.0.dev947",
        "1.8.0.dev948",
        "1.8.0.dev951",
        "1.8.0.dev952",
        "1.8.0.dev953",
        "1.8.0.dev954",
        "1.8.0.dev955",
        "1.8.0.dev956",
        "1.8.0.dev957",
        "1.8.0.dev958",
        "1.8.0.dev959",
        "1.8.0.dev960",
        "1.8.0.dev961",
        "1.8.0.dev963",
        "1.8.0.dev964",
        "1.8.0.dev965",
        "1.8.0.dev966",
        "1.8.0.dev967",
        "1.8.0.dev968",
        "1.8.0.dev969",
        "1.8.0.dev970",
        "1.8.0.dev971",
        "1.8.0.dev972",
        "1.8.0.dev975",
        "1.8.0.dev977",
        "1.8.0.dev978",
        "1.8.0.dev979",
        "1.8.0.dev980",
        "1.8.0.dev981",
        "1.8.0.dev982",
        "1.8.0.dev983",
        "1.8.0.dev984",
        "1.8.0rc1",
        "1.8.0rc2",
        "1.8.1",
        "1.8.1rc1",
        "1.9.0",
        "1.9.0.dev1000",
        "1.9.0.dev1001",
        "1.9.0.dev1002",
        "1.9.0.dev1003",
        "1.9.0.dev1004",
        "1.9.0.dev1005",
        "1.9.0.dev1006",
        "1.9.0.dev1007",
        "1.9.0.dev1008",
        "1.9.0.dev1009",
        "1.9.0.dev1010",
        "1.9.0.dev1011",
        "1.9.0.dev1012",
        "1.9.0.dev1013",
        "1.9.0.dev1014",
        "1.9.0.dev1016",
        "1.9.0.dev1017",
        "1.9.0.dev1018",
        "1.9.0.dev1019",
        "1.9.0.dev1020",
        "1.9.0.dev1021",
        "1.9.0.dev1022",
        "1.9.0.dev1023",
        "1.9.0.dev1024",
        "1.9.0.dev1025",
        "1.9.0.dev1026",
        "1.9.0.dev1027",
        "1.9.0.dev1028",
        "1.9.0.dev1029",
        "1.9.0.dev1030",
        "1.9.0.dev1031",
        "1.9.0.dev1032",
        "1.9.0.dev1033",
        "1.9.0.dev1034",
        "1.9.0.dev1035",
        "1.9.0.dev1036",
        "1.9.0.dev1037",
        "1.9.0.dev1038",
        "1.9.0.dev1039",
        "1.9.0.dev985",
        "1.9.0.dev986",
        "1.9.0.dev987",
        "1.9.0.dev988",
        "1.9.0.dev989",
        "1.9.0.dev990",
        "1.9.0.dev991",
        "1.9.0.dev992",
        "1.9.0.dev993",
        "1.9.0.dev994",
        "1.9.0.dev995",
        "1.9.0.dev996",
        "1.9.0.dev997",
        "1.9.0.dev998",
        "1.9.0.dev999",
        "1.9.0rc1",
        "1.9.0rc2",
        "1.9.0rc3",
        "1.9.0rc4",
        "1.9.1",
        "1.9.1.dev1040",
        "1.9.1.dev1041",
        "1.9.1.dev1042",
        "1.9.1.dev1043",
        "1.9.1.dev1044",
        "1.9.1.dev1045",
        "1.9.1.dev1046",
        "1.9.1.dev1047",
        "1.9.1.dev1048",
        "1.9.1.dev1049",
        "1.9.1rc1",
        "1.9.2",
        "1.9.2.dev1050",
        "1.9.2.dev1051",
        "1.9.2.dev1052",
        "1.9.2.dev1053",
        "1.9.2.dev1054",
        "1.9.2.dev1055",
        "1.9.2.dev1056",
        "1.9.2.dev1057",
        "1.9.2.dev1058",
        "1.9.2.dev1059",
        "1.9.2.dev1060",
        "1.9.2.dev1061",
        "1.9.2.dev1062",
        "1.9.2.dev1063",
        "1.9.2.dev1064",
        "1.9.2.dev1065",
        "1.9.2.dev1066",
        "1.9.2.dev1067",
        "1.9.2.dev1068",
        "1.9.2.dev1069",
        "1.9.2rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31020",
    "GHSA-r6v9-p59m-gj2p"
  ],
  "details": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.",
  "id": "PYSEC-2022-265",
  "modified": "2022-09-13T17:01:18.154930Z",
  "published": "2022-09-06T17:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-31020 (GCVE-0-2022-31020)

GHSA-R6V9-P59M-GJ2P

Impact

Patches

Mitigations

Acknowledgements

FKIE_CVE-2022-31020

GSD-2022-31020

PYSEC-2022-265

Tags

Sightings

Nomenclature