Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-4294

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.

Published

2022-12-28T17:15:09.067

Last Modified

2024-11-21T06:37:20.517

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 2.6 (LOW)

Weaknesses

Type: Secondary
CWE-208
Type: Primary
CWE-203

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openshift_container_platform	4.0	Yes
Application	redhat	openshift_osin	1.0.0	Yes
Application	redhat	openshift_osin	1.0.1	Yes

References

https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29 Patch ([email protected])
https://github.com/openshift/osin/pull/200 Issue Tracking ([email protected])
https://vuldb.com/?ctiid.216987 Permissions Required ([email protected])
https://vuldb.com/?id.216987 Permissions Required ([email protected])
https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/openshift/osin/pull/200 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?ctiid.216987 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://vuldb.com/?id.216987 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)