Approved changes feed: RSS · Atom

cpe:2.3:a:hyperledger:ursa:0.1.0:*:*:*:*:rust:*:*

part: a version: 0.1.0 update: *

VendorHyperledger (619acd7a-fe8a-59d2-9a70-2faf1d5c7fe4)
ProductUrsa (d3c37b04-6a21-5fa7-958a-fb8c001a2f56)
Edition*
Language*
Software edition*
Target softwarerust
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:cargo/ursa purl2cpe 2026-06-01 10:12:18.553554
pkg:github/hyperledger-archives/ursa purl2cpe 2026-06-01 10:12:18.553557

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-22192 vulnerable 2026-06-08 06:29:34.068653 Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
MEDIUM (6.5)
Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.
Published: 2024-01-16T21:44:53.121Z
Updated: 2025-06-16T19:46:20.983Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-21670 vulnerable 2026-06-08 06:27:36.327262 CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
MEDIUM (6.5)
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
Published: 2024-01-16T21:44:05.572Z
Updated: 2024-08-01T22:27:35.720Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.