Answering the question of what is broken, with a focus on cryptographic aspects:
The "Green Pass" title implies a yes/no decision, while the application actually scans the name, birthday, and vaccination info from the QR code and prints it in cleartext. To achieve the goal, it requires infrastructure like a publicly accessible database with medical information, and a manual ID check.
No attempt is suggested in the technical description to use any well-known cryptographic tool for data privacy. Even worse, signatures require all the signed data to be available in cleartext. Declaring signatures short-lived with X.509 attributes is not a solution to privacy. To be constructive, please let me remind you that zero-knowledge proofs have been considered for democratic voting since the late 80s.
According to "Interoperability of health certificates Trust framework V.1.0 2021-03-12", section "7 Verification protocol", the scanner verifies the signature and prints the signed data (offline part):
Once this digital signature has been verified, the verification
software can decode the information in the 2D barcode and rely on its
content.
The UVCI part of the certificate is the search key into a database expected later (function creep):
Online verification will rely on the UVCI and it will be incorporated
in the next version of the specifications (V2).
The EU Commission was asked about zero-knowledge applicability:
Parliamentary questions, 13 April 2021, Pier Nicola Pedicini
(Verts/ALE)
...
Is the Commission considering:
- using ZKP for the Digital Green Certificate;
...
Brian Behlendorf (Linux Foundation) said at "Vaccine Passports: A public health solution or ethical & legal minefield?":
There’s been recent advancements in cryptography and mathematics that
are much better aligned with this idea of being able to prove a thing
without having to show a lot of information about that thing. .. That
same kind of zero-knowledge system and zero-knowledge proof needs to
be something that we standardize across the system.
Update: cryptographic aspects of the recent data leak may include reasoning like untraceability of copying signed data that was sent out for verification at least twice, and the precise meaning of "unavailable" for that signed data.
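The point above about signatures needing all signed data in cleartext, as an added example that is not part of the original answer or of the Trust framework specification. It contrasts a signature over the whole record with a signature over salted per-field digests, a simpler selective-disclosure technique than a zero-knowledge proof; HMAC stands in for the issuer's signature, and the key, record and function names are constructed for illustration.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: stand-in for the issuer's private key
RECORD = {"name": "Jane Doe", "dob": "1980-01-01", "vaccinated": True}  # constructed sample

def canon(obj) -> bytes:
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sign(data: bytes) -> str:
    # HMAC-SHA256 stands in for the issuer's digital signature (assumption).
    return hmac.new(ISSUER_KEY, data, hashlib.sha256).hexdigest()

# Model 1: signature over the whole record. The verifier must be handed every
# signed field in cleartext, otherwise the signature cannot be checked.
def issue_full(record):
    return {"payload": record, "sig": sign(canon(record))}

def verify_full(cert) -> bool:
    return hmac.compare_digest(cert["sig"], sign(canon(cert["payload"])))

# Model 2: signature over salted per-field digests. The holder can reveal a
# single field and its salt; the verifier checks it against the signed list.
def field_digest(name, value, salt) -> str:
    return hashlib.sha256(canon([salt, name, value])).hexdigest()

def issue_sd(record):
    salts = {k: secrets.token_hex(16) for k in record}  # salts stay with the holder
    digests = sorted(field_digest(k, v, salts[k]) for k, v in record.items())
    return {"digests": digests, "sig": sign(canon(digests))}, salts

def present(cert, record, salts, field):
    # Holder reveals one field plus its salt; other fields stay hidden digests.
    return {**cert, "disclosed": {field: [salts[field], record[field]]}}

def verify_sd(p):
    """Return the disclosed fields if the signature covers them, else None."""
    if not hmac.compare_digest(p["sig"], sign(canon(p["digests"]))):
        return None
    out = {}
    for name, (salt, value) in p["disclosed"].items():
        if field_digest(name, value, salt) not in p["digests"]:
            return None
        out[name] = value
    return out
```

The digest list and signature are identical at every presentation, so this sketch is still linkable across verifiers; zero-knowledge proofs, which the answer points to, are the tool that addresses that as well.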