Lucene search
K

3243 matches found

Prion
Prion
added 2022/10/14 7:15 p.m.16 views

Design/Logic Flaw

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

2.6CVSS5.5AI score0.00622EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2022/10/14 12:0 a.m.67 views

CVE-2022-39308

GoCD versions 19.2.0–19.10.0 are vulnerable to a timing-attack in access token validation due to non–constant-time string comparison, potentially enabling brute-forcing of API tokens. The issue is fixed in GoCD 19.11.0. Workarounds include rate limiting or introducing random delays at the GoCD se...

6.5CVSS5.8AI score0.00622EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/14 12:0 a.m.8 views

CVE-2022-39308 GoCD API authentication of user access tokens subject to timing attack during comparison

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

6.5CVSS6.2AI score0.00622EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/10/14 12:0 a.m.36 views

CVE-2022-39308 GoCD API authentication of user access tokens subject to timing attack during comparison

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

6.5CVSS6.4AI score0.00622EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/14 12:0 a.m.5 views

PT-2022-24889 · Gocd · Gocd

Name of the Vulnerable Software and Affected Versions: GoCD versions 19.2.0 through 19.10.0 Description: The issue concerns a timing attack in the validation of access tokens due to the use of regular string comparison instead of a constant time algorithm. This could allow a brute force attack on...

6.5CVSS5.5AI score0.00622EPSS
Exploits0References7
OSV
OSV
added 2022/10/14 12:0 a.m.23 views

CVE-2022-39308 GoCD API authentication of user access tokens subject to timing attack during comparison

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

6.5CVSS5.7AI score0.00622EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2022/10/13 12:0 p.m.36 views

New Timing Attack Against NPM Registry API Could Expose Private Packages

A novel timing attack discovered against the npm's registry API can be exploited to potentially disclose private packages used by organizations, putting developers at risk of supply chain threats. "By creating a list of possible package names, threat actors can detect organizations' scoped privat...

0.5AI score
Exploits0
OSV
OSV
added 2022/10/10 9:15 p.m.2 views

CVE-2022-2891

The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared...

5.9CVSS5.8AI score0.00747EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 5:45 a.m.32 views

Security Bulletin: IBM Informix Cryptographic Library Updates (CVE-2012-2190, CVE-2012-2191, CVE-2012-2203)

Abstract Multiple security problems exist in the IBM GSKit libraries that IBM Informix and IBM Informix ClientSDK use to provide communications security and other cryptographic functionality. Content CVE ID: CVE-2012-2190 DESCRIPTION: GSKit allows remote attackers to cause a denial of service...

7.5CVSS7AI score0.0388EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/13 12:0 a.m.3 views

PT-2022-23195 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 7.6.58 ELTS TYPO3 versions prior to 8.7.48 ELTS TYPO3 versions prior to 9.5.37 ELTS TYPO3 versions prior to 10.4.32 TYPO3 versions prior to 11.5.16 Description: It has been discovered that observing response time durin...

5.3CVSS5.1AI score0.00977EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2022/09/09 7:12 a.m.2 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS7AI score0.05773EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.9 views

Red Hat wildfly-elytron 安全漏洞

Red Hat wildfly-elytron is the United States Red Hat Red Hat a security framework. It is used to unify security across application servers. A security vulnerability exists in Red Hat wildfly-elytron, which stems from the possibility of timing attacks through the use of insecure comparators...

7.4CVSS6.6AI score0.00584EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.20 views

Ubuntu: Security Advisory (USN-4417-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.4CVSS6.9AI score0.00337EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.21 views

Ubuntu: Security Advisory (USN-4236-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS7.5AI score0.0051EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/08/26 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-4397-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.4CVSS6.8AI score0.00651EPSS
Exploits0References2
OSV
OSV
added 2022/08/23 4:15 p.m.3 views

DEBIAN-CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

5.9CVSS7AI score0.01095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.1 views

PT-2022-22251 · Mealie · Mealie

Name of the Vulnerable Software and Affected Versions: Mealie version 1.0.0beta3 Description: The issue allows user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt. Recommendations: For Mealie...

6.3AI score
Exploits0References3
OSV
OSV
added 2022/08/11 8:54 p.m.27 views

GO-2022-0534 Timing attack in github.com/runatlantis/atlantis

Validation of Gitlab requests can leak secrets. The package github.com/runatlantis/atlantis/server/controllers/events uses a non-constant time comparison for secrets while validating a Gitlab request. This allows for a timing attack where an attacker can recover a secret and then forge the reques...

7.5CVSS7.3AI score0.00928EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/08/04 4:46 a.m.4 views

wildfly-elytron: possible timing attack in ScramServer

A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality...

5.3CVSS5.7AI score0.00846EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2022/08/02 12:0 a.m.19 views

AMD CPU Information Disclosure Vulnerability (AMD-SB-1038, Hertzbleed)

The AMD CPU on the remote host might be prone to an information disclosure vulnerability dubbed Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

6.5CVSS6.5AI score0.01037EPSS
Exploits0References5
Rows per page
Query Builder