How severe is CVE-2022-31021?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-31021?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2022-31021 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.

Related Vulnerabilities

CVE-2019-16951

MEDIUM

CVSS:5.3(Medium)

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST ...

CWE-8292019

CVE-2021-29777

MEDIUM

CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could a...

CWE-8292021

CVE-2022-24329

MEDIUM

CVSS:5.3(Medium)

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CWE-8292022

CVE-2022-24824

MEDIUM

CVSS:5.3(Medium)

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler...

CWE-8292022

CVE-2021-20843

MEDIUM

CVSS:5.4(Medium)

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier all...

CWE-8292021

CVE-2020-13977

MEDIUM

CVSS:4.9(Medium)

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of th...

CWE-8292020