PT-2024-19012 · Ursa · Ursa

Published: 2024-01-16 · Updated: 2024-01-24 · CVE-2024-21670

CVSS v3.1: 6.5 (Medium)

Vector: AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Ursa (affected versions not specified)

Description

The revocation schema in Ursa's CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. This flaw allows a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when, in fact, the holder's credential has been revoked.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

CVE-2024-21670
GHSA-R78F-4Q2Q-HVV4

Affected Products

Ursa