CVE-2024-22192

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Jan 24, 2024

CWE ID 327

Summary

CVE-2024-22192 affects Ursa, a cryptographic library for blockchains. The library's CL-Signatures implementations include a flaw in the revocation scheme of Ursa's AnonCreds verifiable credential model. This vulnerability enables malicious verifiers to generate unique identifiers for holders presenting Non-Revocation proofs, potentially compromising privacy guarantees. Although Ursa has reached end-of-life status, no fix is expected.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Hyperledger

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uEUFea
https://www.cve.org/CVERecord?id=CVE-2024-22192
https://nvd.nist.gov/vuln/detail/CVE-2024-22192

Back to Vulnerability Database

CVE-2024-22192

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations