pysec - pysec-2022-265

PYSEC-2022-265

Vulnerability from pysec - Published: 2022-09-06 17:15 - Updated: 2022-09-13 17:01

Details

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure auth_rules to prevent new DIDs from being written to the ledger until the network can be upgraded.

Impacted products

Name	purl
indy-node	pkg:pypi/indy-node

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "indy-node",
        "purl": "pkg:pypi/indy-node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "fe507474f77084faef4539101e2bbb4d508a97f5"
            }
          ],
          "repo": "https://github.com/hyperledger/indy-node",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.5rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.0.1.dev38",
        "0.0.1.dev40",
        "0.0.12",
        "0.0.2",
        "0.0.20",
        "0.0.21",
        "0.0.22",
        "0.0.23",
        "0.0.24",
        "0.0.25",
        "0.0.28",
        "0.0.3",
        "0.0.30",
        "0.0.31",
        "0.0.32",
        "0.0.4",
        "0.4.27",
        "1.0.28",
        "1.0.29",
        "1.1.1",
        "1.1.30",
        "1.1.31",
        "1.1.32",
        "1.1.33",
        "1.1.34",
        "1.1.35",
        "1.1.36",
        "1.1.37",
        "1.1.38",
        "1.1.39",
        "1.1.40",
        "1.1.41",
        "1.1.42",
        "1.1.43",
        "1.10.0",
        "1.10.0.dev1070",
        "1.10.0.dev1071",
        "1.10.0.dev1072",
        "1.10.0.dev1073",
        "1.10.0.dev1074",
        "1.10.0.dev1075",
        "1.10.0.dev1076",
        "1.10.0.dev1077",
        "1.10.0.dev1078",
        "1.10.0.dev1079",
        "1.10.0.dev1080",
        "1.10.0.dev1081",
        "1.10.0.dev1082",
        "1.10.0.dev1083",
        "1.10.0.dev1084",
        "1.10.0.dev1085",
        "1.10.0.dev1086",
        "1.10.0.dev1087",
        "1.10.0.dev1088",
        "1.10.0.dev1089",
        "1.10.0.dev1090",
        "1.10.0.dev1091",
        "1.10.0.dev1092",
        "1.10.0.dev1093",
        "1.10.0.dev1094",
        "1.10.0.dev1095",
        "1.10.0.dev1096",
        "1.10.0.dev1097",
        "1.10.0.dev1098",
        "1.10.0rc1",
        "1.11.0",
        "1.11.0.dev1099",
        "1.11.0.dev1100",
        "1.11.0.dev1101",
        "1.11.0.dev1102",
        "1.11.0.dev1103",
        "1.11.0.dev1104",
        "1.11.0.dev1105",
        "1.11.0.dev1106",
        "1.11.0.dev1107",
        "1.11.0.dev1108",
        "1.11.0.dev1109",
        "1.11.0.dev1110",
        "1.11.0.dev1111",
        "1.11.0.dev1112",
        "1.11.0.dev1113",
        "1.11.0.dev1114",
        "1.11.0.dev1115",
        "1.11.0.dev1116",
        "1.11.0.dev1117",
        "1.11.0.dev1118",
        "1.11.0.dev1119",
        "1.11.0.dev1120",
        "1.11.0.dev1121",
        "1.11.0.dev1122",
        "1.11.0.dev1123",
        "1.11.0rc1",
        "1.12.0",
        "1.12.0.dev1124",
        "1.12.0.dev1125",
        "1.12.0.dev1126",
        "1.12.0.dev1127",
        "1.12.0.dev1128",
        "1.12.0.dev1129",
        "1.12.0.dev1130",
        "1.12.0.dev1131",
        "1.12.0.dev1132",
        "1.12.0.dev1133",
        "1.12.0.dev1134",
        "1.12.0.dev1135",
        "1.12.0.dev1136",
        "1.12.0.dev1137",
        "1.12.0.dev1138",
        "1.12.0.dev1139",
        "1.12.0.dev1140",
        "1.12.0.dev1141",
        "1.12.0.dev1142",
        "1.12.0.dev1143",
        "1.12.0.dev1144",
        "1.12.0.dev1145",
        "1.12.0rc1",
        "1.12.1",
        "1.12.1.dev1146",
        "1.12.1.dev1147",
        "1.12.1.dev1148",
        "1.12.1.dev1149",
        "1.12.1.dev1150",
        "1.12.1.dev1151",
        "1.12.1.dev1152",
        "1.12.1.dev1153",
        "1.12.1.dev1154",
        "1.12.1.dev1155",
        "1.12.1.dev1156",
        "1.12.1.dev1157",
        "1.12.1.dev1158",
        "1.12.1.dev1159",
        "1.12.1.dev1160",
        "1.12.1.dev1161",
        "1.12.1.dev1162",
        "1.12.1.dev1163",
        "1.12.1.dev1164",
        "1.12.1.dev1165",
        "1.12.1.dev1166",
        "1.12.1.dev1167",
        "1.12.1.dev1168",
        "1.12.1.dev1169",
        "1.12.1.dev1170",
        "1.12.1.dev1171",
        "1.12.1.dev1172",
        "1.12.1.dev1173",
        "1.12.1.dev1174",
        "1.12.1.dev1175",
        "1.12.1.dev1176",
        "1.12.1.dev1177",
        "1.12.1.dev1178",
        "1.12.1.dev1179",
        "1.12.1rc1",
        "1.12.2",
        "1.12.2.dev1180",
        "1.12.2.dev1181",
        "1.12.2.dev1182",
        "1.12.2.dev1183",
        "1.12.2.dev1184",
        "1.12.2.dev1185",
        "1.12.2.dev1186",
        "1.12.2.dev1187",
        "1.12.2.dev1188",
        "1.12.2.dev1189",
        "1.12.2.dev1190",
        "1.12.2.dev1191",
        "1.12.2.dev1192",
        "1.12.2.dev1193",
        "1.12.2.dev1194",
        "1.12.2.dev1195",
        "1.12.2rc1",
        "1.12.3",
        "1.12.3rc1",
        "1.12.4",
        "1.12.4rc1",
        "1.2.44",
        "1.2.45",
        "1.2.46",
        "1.2.47",
        "1.2.48",
        "1.2.49",
        "1.2.50",
        "1.3.51",
        "1.3.52",
        "1.3.53",
        "1.3.54",
        "1.3.55",
        "1.3.56",
        "1.3.57",
        "1.3.58",
        "1.3.59",
        "1.3.60",
        "1.3.61",
        "1.3.62",
        "1.4.63",
        "1.4.64",
        "1.4.65",
        "1.4.66",
        "1.5.67",
        "1.5.68",
        "1.6.69",
        "1.6.70",
        "1.6.71",
        "1.6.72",
        "1.6.73",
        "1.6.74",
        "1.6.75",
        "1.6.76",
        "1.6.77",
        "1.6.78",
        "1.6.79",
        "1.6.80",
        "1.6.81",
        "1.6.82",
        "1.6.83",
        "1.7.0",
        "1.7.0.dev878",
        "1.7.0.dev879",
        "1.7.0.dev880",
        "1.7.0.dev881",
        "1.7.0.dev882",
        "1.7.0.dev883",
        "1.7.0.dev884",
        "1.7.0.dev885",
        "1.7.0.dev886",
        "1.7.0.dev887",
        "1.7.0.dev888",
        "1.7.0.dev889",
        "1.7.0.dev890",
        "1.7.0.dev891",
        "1.7.0.dev892",
        "1.7.0.dev893",
        "1.7.0.dev894",
        "1.7.0.dev895",
        "1.7.0.dev896",
        "1.7.0.dev897",
        "1.7.0.dev898",
        "1.7.0.dev899",
        "1.7.0.dev900",
        "1.7.0.dev901",
        "1.7.0.dev902",
        "1.7.0.dev903",
        "1.7.0.dev904",
        "1.7.0.dev905",
        "1.7.0.dev906",
        "1.7.0.dev907",
        "1.7.0.dev908",
        "1.7.0.dev909",
        "1.7.0.dev910",
        "1.7.0.dev911",
        "1.7.0.dev912",
        "1.7.0.dev913",
        "1.7.0.dev914",
        "1.7.1",
        "1.8.0",
        "1.8.0.dev915",
        "1.8.0.dev916",
        "1.8.0.dev917",
        "1.8.0.dev918",
        "1.8.0.dev919",
        "1.8.0.dev920",
        "1.8.0.dev921",
        "1.8.0.dev922",
        "1.8.0.dev923",
        "1.8.0.dev924",
        "1.8.0.dev925",
        "1.8.0.dev926",
        "1.8.0.dev927",
        "1.8.0.dev928",
        "1.8.0.dev929",
        "1.8.0.dev930",
        "1.8.0.dev931",
        "1.8.0.dev932",
        "1.8.0.dev933",
        "1.8.0.dev934",
        "1.8.0.dev935",
        "1.8.0.dev936",
        "1.8.0.dev937",
        "1.8.0.dev938",
        "1.8.0.dev939",
        "1.8.0.dev940",
        "1.8.0.dev941",
        "1.8.0.dev942",
        "1.8.0.dev943",
        "1.8.0.dev944",
        "1.8.0.dev945",
        "1.8.0.dev946",
        "1.8.0.dev947",
        "1.8.0.dev948",
        "1.8.0.dev951",
        "1.8.0.dev952",
        "1.8.0.dev953",
        "1.8.0.dev954",
        "1.8.0.dev955",
        "1.8.0.dev956",
        "1.8.0.dev957",
        "1.8.0.dev958",
        "1.8.0.dev959",
        "1.8.0.dev960",
        "1.8.0.dev961",
        "1.8.0.dev963",
        "1.8.0.dev964",
        "1.8.0.dev965",
        "1.8.0.dev966",
        "1.8.0.dev967",
        "1.8.0.dev968",
        "1.8.0.dev969",
        "1.8.0.dev970",
        "1.8.0.dev971",
        "1.8.0.dev972",
        "1.8.0.dev975",
        "1.8.0.dev977",
        "1.8.0.dev978",
        "1.8.0.dev979",
        "1.8.0.dev980",
        "1.8.0.dev981",
        "1.8.0.dev982",
        "1.8.0.dev983",
        "1.8.0.dev984",
        "1.8.0rc1",
        "1.8.0rc2",
        "1.8.1",
        "1.8.1rc1",
        "1.9.0",
        "1.9.0.dev1000",
        "1.9.0.dev1001",
        "1.9.0.dev1002",
        "1.9.0.dev1003",
        "1.9.0.dev1004",
        "1.9.0.dev1005",
        "1.9.0.dev1006",
        "1.9.0.dev1007",
        "1.9.0.dev1008",
        "1.9.0.dev1009",
        "1.9.0.dev1010",
        "1.9.0.dev1011",
        "1.9.0.dev1012",
        "1.9.0.dev1013",
        "1.9.0.dev1014",
        "1.9.0.dev1016",
        "1.9.0.dev1017",
        "1.9.0.dev1018",
        "1.9.0.dev1019",
        "1.9.0.dev1020",
        "1.9.0.dev1021",
        "1.9.0.dev1022",
        "1.9.0.dev1023",
        "1.9.0.dev1024",
        "1.9.0.dev1025",
        "1.9.0.dev1026",
        "1.9.0.dev1027",
        "1.9.0.dev1028",
        "1.9.0.dev1029",
        "1.9.0.dev1030",
        "1.9.0.dev1031",
        "1.9.0.dev1032",
        "1.9.0.dev1033",
        "1.9.0.dev1034",
        "1.9.0.dev1035",
        "1.9.0.dev1036",
        "1.9.0.dev1037",
        "1.9.0.dev1038",
        "1.9.0.dev1039",
        "1.9.0.dev985",
        "1.9.0.dev986",
        "1.9.0.dev987",
        "1.9.0.dev988",
        "1.9.0.dev989",
        "1.9.0.dev990",
        "1.9.0.dev991",
        "1.9.0.dev992",
        "1.9.0.dev993",
        "1.9.0.dev994",
        "1.9.0.dev995",
        "1.9.0.dev996",
        "1.9.0.dev997",
        "1.9.0.dev998",
        "1.9.0.dev999",
        "1.9.0rc1",
        "1.9.0rc2",
        "1.9.0rc3",
        "1.9.0rc4",
        "1.9.1",
        "1.9.1.dev1040",
        "1.9.1.dev1041",
        "1.9.1.dev1042",
        "1.9.1.dev1043",
        "1.9.1.dev1044",
        "1.9.1.dev1045",
        "1.9.1.dev1046",
        "1.9.1.dev1047",
        "1.9.1.dev1048",
        "1.9.1.dev1049",
        "1.9.1rc1",
        "1.9.2",
        "1.9.2.dev1050",
        "1.9.2.dev1051",
        "1.9.2.dev1052",
        "1.9.2.dev1053",
        "1.9.2.dev1054",
        "1.9.2.dev1055",
        "1.9.2.dev1056",
        "1.9.2.dev1057",
        "1.9.2.dev1058",
        "1.9.2.dev1059",
        "1.9.2.dev1060",
        "1.9.2.dev1061",
        "1.9.2.dev1062",
        "1.9.2.dev1063",
        "1.9.2.dev1064",
        "1.9.2.dev1065",
        "1.9.2.dev1066",
        "1.9.2.dev1067",
        "1.9.2.dev1068",
        "1.9.2.dev1069",
        "1.9.2rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31020",
    "GHSA-r6v9-p59m-gj2p"
  ],
  "details": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.",
  "id": "PYSEC-2022-265",
  "modified": "2022-09-13T17:01:18.154930Z",
  "published": "2022-09-06T17:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
    }
  ]
}

GHSA-R6V9-P59M-GJ2P

Vulnerability from github – Published: 2022-09-02 21:55 – Updated: 2024-11-18 16:26

Summary

Indy's NODE_UPGRADE transaction vulnerable to remote code execution

Details

Impact

The pool-upgrade request handler in Indy-Node <=1.12.4 allows an improperly authenticated attacker to remotely execute code on nodes within the network.

Network operators are strongly encouraged to upgrade to the latest Indy-Node release >=1.12.5 as soon as possible.

Patches

The pool-upgrade request handler in Indy-Node >=1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution.

Mitigations

Network operators are strongly encouraged to upgrade to the latest Indy-Node release >=1.12.5 as soon as possible.

Acknowledgements

Thank you to @shakreiner at CyberArk Labs for finding and responsibly disclosing this issue.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "indy-node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.5rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-09-02T21:55:20Z",
    "nvd_published_at": "2022-09-06T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe `pool-upgrade` request handler in Indy-Node `\u003c=1.12.4` allows an improperly authenticated attacker to remotely execute code on nodes within the network.\n\nNetwork operators are strongly encouraged to upgrade to the latest Indy-Node release `\u003e=1.12.5` as soon as possible.\n\n### Patches\n\nThe `pool-upgrade` request handler in Indy-Node `\u003e=1.12.5` has been updated to properly authenticate `pool-upgrade` transactions before any processing is performed by the request handler.  The transactions are further sanitized to prevent remote code execution.\n\n### Mitigations\n\nNetwork operators are strongly encouraged to upgrade to the latest Indy-Node release `\u003e=1.12.5` as soon as possible.\n\n### Acknowledgements\nThank you to @shakreiner at CyberArk Labs for finding and responsibly disclosing this issue.",
  "id": "GHSA-r6v9-p59m-gj2p",
  "modified": "2024-11-18T16:26:27Z",
  "published": "2022-09-02T21:55:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31020"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperledger/indy-node"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2022-265.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Indy\u0027s NODE_UPGRADE transaction vulnerable to remote code execution"
}

CVE-2022-31020 (GCVE-0-2022-31020)

Vulnerability from cvelistv5 – Published: 2022-09-06 16:30 – Updated: 2025-04-23 17:14

Summary

Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-287 - Improper Authentication
CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

URL

Tags

	https://github.com/hyperledger/indy-node/security…	x_refsource_CONFIRM
	https://github.com/hyperledger/indy-node/commit/f…	x_refsource_MISC
	https://github.com/hyperledger/indy-node/releases…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	hyperledger	indy-node	Affected: <= 1.12.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T07:03:40.339Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-31020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:49:58.564323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T17:14:59.072Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "indy-node",
          "vendor": "hyperledger",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 1.12.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-06T16:30:19.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
        }
      ],
      "source": {
        "advisory": "GHSA-r6v9-p59m-gj2p",
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution in Indy\u0027s NODE_UPGRADE transaction",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-31020",
          "STATE": "PUBLIC",
          "TITLE": "Remote code execution in Indy\u0027s NODE_UPGRADE transaction"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "indy-node",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 1.12.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "hyperledger"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p",
              "refsource": "CONFIRM",
              "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p"
            },
            {
              "name": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5",
              "refsource": "MISC",
              "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5"
            },
            {
              "name": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5",
              "refsource": "MISC",
              "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-r6v9-p59m-gj2p",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-31020",
    "datePublished": "2022-09-06T16:30:19.000Z",
    "dateReserved": "2022-05-18T00:00:00.000Z",
    "dateUpdated": "2025-04-23T17:14:59.072Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

PYSEC-2022-265

GHSA-R6V9-P59M-GJ2P

Impact

Patches

Mitigations

Acknowledgements

CVE-2022-31020 (GCVE-0-2022-31020)

Tags

Sightings

Nomenclature