Lucene search
China National Vulnerability DatabaseCNVD-2022-86311HistoryNov 24, 2022 - 12:00 a.m.
immudb data forgery issue vulnerability
2022-11-2400:00:00
China National Vulnerability Database
www.cnvd.org.cn
6
immudb
data forgery
vulnerability
cryptographic proof
authentication
uuid
client sdk
modified
0.001 Low
EPSS
Percentile
26.9%
Immudb is a database with built-in cryptographic proof and authentication. codenotary immudb versions prior to 1.4.1 are vulnerable to a data forgery issue, which stems from the fact that the client SDK does not validate the UUID and can accept any value reported by the server, and an attacker can use the vulnerability to trick the client into treating the modified UUID as a different server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| codenotary immudb | lt | 1.4.1 |
Related
prion
prion
Design/Logic Flaw
2022-11-22 20:15:00
cve
cve
CVE-2022-39199
2022-11-22 20:15:11
cvelist
cvelist
CVE-2022-39199 Lack of proper validation in immudb
2022-11-22 00:00:00
veracode
veracode
Improper Authorization
2022-11-24 13:42:59
Improper Access Control
2022-11-24 04:12:02
github
github
osv
osv
CVE-2022-39199
2022-11-22 20:15:11
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
2022-11-21 20:38:51
Improper validation of UUIDs in github.com/codenotary/immudb
2022-12-22 20:40:16
nvd
nvd
CVE-2022-39199
2022-11-22 20:15:11