3 matches found
CVE-2024-22192 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a...
CVE-2024-22192
CVE-2024-22192 concerns Hyperledger Ursa CL-Signatures revocation: the revocation scheme may allow a malicious verifier to derive a unique identifier for a holder when a Non-Revocation proof is presented. The flaw affects Ursa CL-Signatures implementations across the chain, with Ursa reported to ...
aries-askar (=0.1.2), indy-credx (>=0.2.0 <=0.3.1) +5 more potentially affected by CVE-2024-22192 via ursa (>=0.3.6 <=0.3.7)
ursa CARGO version =0.3.6, =0.2.0, =0.5.0, =0.3.1, =0.1.0, =0.1.0, =0.0.6, =0.0.8 Source cves: CVE-2024-22192 Source advisory: OSV:GHSA-6698-MHXX-R84G...