{ "id": "CVE-2022-36111", "sourceIdentifier": "security-advisories@github.com", "published": "2022-11-23T18:15:11.787", "lastModified": "2024-11-21T07:12:24.857", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a falsified transaction replacing the genuine one. This situation cannot be triggered by a genuine immudb server and requires the client to perform a specific list of verified operations resulting in acceptance of an invalid state value. This vulnerability only affects immudb client SDKs; the immudb server itself is not affected by this vulnerability. This issue has been patched in version 1.4.1." }, { "lang": "es", "value": "immudb es una base de datos con prueba y verificaci\u00f3n criptogr\u00e1fica incorporada. En versiones anteriores a la 1.4.1, un servidor immudb malicioso puede proporcionar una prueba falsificada que ser\u00e1 aceptada por el SDK del cliente al firmar una transacci\u00f3n falsificada que reemplaza la genuina. Esta situaci\u00f3n no puede ser provocada por un servidor immudb genuino y requiere que el cliente realice una lista espec\u00edfica de operaciones verificadas que resultan en la aceptaci\u00f3n de un valor de estado no v\u00e1lido. Esta vulnerabilidad solo afecta a los SDK del cliente immudb; el servidor immudb en s\u00ed no se ve afectado por esta vulnerabilidad. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.1."
} ], "metrics": { "cvssMetricV31": [ { "source": "security-advisories@github.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 1.0, "impactScore": 4.0 }, { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 1.6, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "security-advisories@github.com", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-345" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:codenotary:immudb:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.1", "matchCriteriaId": "0EA9B368-DD84-4E51-ABFB-7FDEF2E9807E" } ] } ] } ], "references": [ { "url": "https://github.com/codenotary/immudb/releases/tag/v1.4.1", "source": "security-advisories@github.com", "tags": [ "Release Notes", "Third Party Advisory" ] }, { "url": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8", "source": "security-advisories@github.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://github.com/codenotary/immudb/tree/master/docs/security/vulnerabilities/linear-fake", "source": "security-advisories@github.com", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": 
"https://pkg.go.dev/github.com/codenotary/immudb/pkg/client", "source": "security-advisories@github.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/codenotary/immudb/releases/tag/v1.4.1", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ] }, { "url": "https://github.com/codenotary/immudb/security/advisories/GHSA-672p-m5jq-mrh8", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://github.com/codenotary/immudb/tree/master/docs/security/vulnerabilities/linear-fake", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://pkg.go.dev/github.com/codenotary/immudb/pkg/client", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ] } ] }