gsd-2021-4294
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2021-4294", "id": "GSD-2021-4294" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2021-4294" ], "details": "A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.", "id": "GSD-2021-4294", "modified": "2023-12-13T01:23:11.702774Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2021-4294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "OSIN", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "OpenShift" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987." }, { "lang": "deu", "value": "Es wurde eine Schwachstelle in OpenShift OSIN ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion ClientSecretMatches/CheckClientSecret. Dank Manipulation des Arguments secret mit unbekannten Daten kann eine observable timing discrepancy-Schwachstelle ausgenutzt werden. Der Patch wird als 8612686d6dda34ae9ef6b5a974e4b7accb4fea29 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen." } ] }, "impact": { "cvss": [ { "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, { "baseScore": 2.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-208", "lang": "eng", "value": "CWE-208 Observable Timing Discrepancy" } ] } ] }, "references": { "reference_data": [ { "name": "https://vuldb.com/?id.216987", "refsource": "MISC", "url": "https://vuldb.com/?id.216987" }, { "name": "https://vuldb.com/?ctiid.216987", "refsource": "MISC", "url": "https://vuldb.com/?ctiid.216987" }, { "name": "https://github.com/openshift/osin/pull/200", "refsource": "MISC", "url": "https://github.com/openshift/osin/pull/200" }, { "name": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29", "refsource": "MISC", "url": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c=v1.0.1", "affected_versions": "All versions up to 1.0.1", "cvss_v3": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "cwe_ids": [ "CWE-1035", "CWE-203", "CWE-937" ], "date": "2023-01-09", "description": "A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.", "fixed_versions": [], "identifier": "CVE-2021-4294", "identifiers": [ "GHSA-m7qp-cj9p-gj85", "CVE-2021-4294" ], "not_impacted": "", "package_slug": "go/github.com/openshift/osin", "pubdate": "2022-12-28", "solution": "Unfortunately, there is no solution available yet.", "title": "Observable Discrepancy", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2021-4294", "https://github.com/openshift/osin/pull/200", "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29", "https://vuldb.com/?ctiid.216987", "https://vuldb.com/?id.216987", "https://github.com/advisories/GHSA-m7qp-cj9p-gj85" ], "uuid": "67d31245-dc34-419d-82a0-9b99f29ebffe", "versions": [ { "commit": { "sha": "0f3357bb07e801ea62327872d19913969001dd7a", "tags": [ "v1.0.1" ], "timestamp": "20180718112322" }, "number": "v1.0.1" } ] } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openshift_osin:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E014C6CF-3910-416E-812E-F987273190C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:redhat:openshift_osin:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7C147329-7FD3-4F9E-AC5E-AA70CB45AEFD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en OpenShift OSIN. Ha sido clasificada como problem\u00e1tica. Esto afecta a la funci\u00f3n ClientSecretMatches/CheckClientSecret. La manipulaci\u00f3n del secreto argumental conduce a una discrepancia temporal observable. El nombre del parche es 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-216987." } ], "id": "CVE-2021-4294", "lastModified": "2024-04-11T01:13:40.763", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary" } ] }, "published": "2022-12-28T17:15:09.067", "references": [ { "source": "cna@vuldb.com", "tags": [ "Patch" ], "url": "https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29" }, { "source": "cna@vuldb.com", "tags": [ "Issue Tracking" ], "url": "https://github.com/openshift/osin/pull/200" }, { "source": "cna@vuldb.com", "tags": [ "Permissions Required" ], "url": "https://vuldb.com/?ctiid.216987" }, { "source": "cna@vuldb.com", "tags": [ "Permissions Required" ], "url": "https://vuldb.com/?id.216987" } ], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-203" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-208" } ], "source": "cna@vuldb.com", "type": "Secondary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.