CVE-2021-4294

MEDIUM Year: 2021
CVSS v3 Score
5.9
Medium
Weakness Type
CWE-208
View all →

Vulnerability Description

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.

Related Vulnerabilities

CVE-2016-10535

MEDIUM
CVSS:5.9(Medium)

csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This enab...

CWE-2082016

CVE-2019-13420

MEDIUM
CVSS:5.9(Medium)

Search Guard versions before 21.0 had an timing side channel issue when using the internal user database.

CWE-2082019

CVE-2019-16782

MEDIUM
CVSS:5.9(Medium)

There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions...

CWE-2082019

CVE-2019-9494

MEDIUM
CVSS:5.9(Medium)

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain ...

CWE-2082019

CVE-2020-1926

MEDIUM
CVSS:5.9(Medium)

Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue ...

CWE-2082020

CVE-2022-39308

MEDIUM
CVSS:5.9(Medium)

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are ...

CWE-2082022