SCA: security update for github.com/codenotary/immudb (GHSA-672p-m5jq-mrh8)

medium Tenable Self-Hosted Container Security Plugin ID 411259

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- immudb is a database with built-in cryptographic proof and verification. In versions prior to 1.4.1, a
malicious immudb server can provide a falsified proof that will be accepted by the client SDK signing a
falsified transaction replacing the genuine one. This situation can not be triggered by a genuine immudb
server and requires the client to perform a specific list of verified operations resulting in acceptance
of an invalid state value. This vulnerability only affects immudb client SDKs, the immudb server itself is
not affected by this vulnerability. This issue has been patched in version 1.4.1. (CVE-2022-36111)

See Also

https://github.com/advisories/GHSA-672p-m5jq-mrh8

Plugin Details

Severity: Medium

ID: 411259

Version: Revision 1.6

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2022-36111

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/21/2022

Vulnerability Publication Date: 11/21/2022

Reference Information

CVE: CVE-2022-36111

cwe: CWE-345