CVE-2021-4294
published 2022-12-28CVE-2021-4294: A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The…
medium5.9CVSS 3.1
AVNACHPRNUINSUCHINAN
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | openshift_osin | >= 0 < 1.0.2-0.20210113124101-8612686d6dda | 1.0.2-0.20210113124101-8612686d6dda |
| openshift | osin | — | — |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_osin | — | — |
| redhat | openshift_osin | — | — |