CVE-2022-31021: Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and ...

Description

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability

0.43%

34.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-829

Affected Software

Vendor	Product	Versions
Hyperledger	Ursa	< 0.3

References

https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3Vendor Advisory
https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdfExploit, Third Party Advisory
https://github.com/hyperledger/ursa/security/advisories/GHSA-2q6j-gqc4-4gw3Vendor Advisory
https://www.brics.dk/RS/98/29/BRICS-RS-98-29.pdfExploit, Third Party Advisory

Timeline

Published: Jan 16, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-31021?

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers to the issuer who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The ursa project has has moved to end-of-life status and no fix is expected.

How severe is CVE-2022-31021?

CVE-2022-31021 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.

How do I fix CVE-2022-31021?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.