3243 matches found

OSV
added 2022/07/30 12:00 a.m. · 13 views

GHSA-JXQV-JCVH-7GR4 Atlantis Events vulnerable to Timing Attack

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 7.5 · AI score 7.2 · EPSS 0.00928
Exploits 1 · References 7
Github Security Blog
added 2022/07/30 12:00 a.m. · 26 views

Atlantis Events vulnerable to Timing Attack

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 7.5 · AI score 7.2 · EPSS 0.00928
Exploits 1 · References 7 · Affected software 1
OSV
added 2022/07/29 10:15 a.m. · 11 views

CVE-2022-24912

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 7.5 · AI score 7.5
Exploits 0 · References 3
NVD
added 2022/07/29 10:15 a.m. · 14 views

CVE-2022-24912

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 7.5 · EPSS 0.00928
Exploits 1 · References 3
Prion
added 2022/07/29 10:15 a.m. · 15 views

Code injection

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 5 · AI score 7.4 · EPSS 0.00928
Exploits 1 · References 3 · Affected software 1
Cvelist
added 2022/07/29 10:00 a.m. · 21 views

CVE-2022-24912 Timing Attack

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 7.5 · AI score 7.6 · EPSS 0.00928
Exploits 1 · References 3
CVE
added 2022/07/29 10:00 a.m. · 74 views

CVE-2022-24912

The vulnerability is in github.com/runatlantis/atlantis/server/controllers/events (pre-0.19.7) where webhook secret validation uses a non-constant-time comparison, enabling timing attacks to recover the secret and forge webhook events. This aligns with CVE-2022-24912 and related advisories. Impac...

CVSS 7.5 · AI score 7.3 · EPSS 0.00928
Exploits 1 · References 3 · Affected software 1
ATTACKERKB
added 2022/07/29 10:00 a.m. · 4 views

CVE-2022-24912

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 is vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...

CVSS 7.5 · AI score 5.8 · EPSS 0.00928
Exploits 1 · References 4
Positive Technologies
added 2022/07/29 12:00 a.m. · 2 views

PT-2022-16979 · Atlantis · Atlantis

Name of the Vulnerable Software and Affected Versions: github.com/runatlantis/atlantis/server/controllers/events versions prior to 0.19.7. Description: The issue is related to a timing attack in the webhook event validator code, which does not use a constant-time comparison function to validate th...

CVSS 7.5 · AI score 7.3 · EPSS 0.00928
Exploits 1 · References 11
CNNVD
added 2022/07/29 12:00 a.m. · 3 views

Atlantis security vulnerability

Atlantis is an open-source, self-hosted Golang application that listens to Terraform pull request events via webhook. A security vulnerability exists in Atlantis versions prior to 0.19.7, which stems from a Timing Attack vulnerability in the package...

CVSS 7.5 · AI score 7.2 · EPSS 0.00928
Exploits 1 · References 4
CVE
added 2022/07/27 2:21 p.m. · 154 views

CVE-2022-36885

CVE-2022-36885 affects Jenkins GitHub Plugin 1.34.4 and earlier. The vulnerability arises from a non-constant-time comparison when verifying webhook signatures, enabling attackers to use statistical methods to forge a valid webhook signature. Impact is limited to systems using the vulnerable plug...

CVSS 5.3 · AI score 5.3 · EPSS 0.00707
Exploits 0 · References 2 · Affected software 1
RedHat Linux
added 2022/07/19 1:40 p.m. · 5 views

Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

CVSS 5.9 · AI score 7 · EPSS 0.05773
Exploits 0 · References 4
OSV
added 2022/07/15 7:14 p.m. · 17 views

GHSA-376V-XGJX-7MFR fastify-bearer-auth vulnerable to Timing Attack Vector

Impact: fastify-bearer-auth does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750, the bearer token has only base64 valid characters, reducing the range of characters for a brute force attack...

CVSS 7.5 · AI score 7.4 · EPSS 0.01156
Exploits 0 · References 7
Snyk
added 2022/07/15 11:17 a.m. · 1 view

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret and then forge webhook events...

CVSS 7.5 · AI score 7 · EPSS 0.00928
Exploits 1 · References 2
OSV
added 2022/07/14 10:15 p.m. · 0 views

CVE-2022-32425

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 1
ATTACKERKB
added 2022/07/14 10:15 p.m. · 2 views

CVE-2022-32425

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time...

CVSS 5.3 · AI score 6.1 · EPSS 0.00497
Exploits 0 · References 2
Cvelist
added 2022/07/14 6:55 p.m. · 17 views

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

CVSS 7.5 · AI score 7.6 · EPSS 0.01156
Exploits 0 · References 5
Vulnrichment
added 2022/07/14 6:55 p.m. · 5 views

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

CVSS 7.5 · AI score 6.7 · EPSS 0.01156
Exploits 0 · References 5
OSV
added 2022/07/14 6:55 p.m. · 24 views

CVE-2022-31142 Potential Timing Attack Vector in @fastify/bearer-auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use crypto.timingSafeEqual. A malicious attacker could estimate the length of one valid bearer token. According to the corresponding RFC 6750,...

CVSS 7.5 · AI score 7.4 · EPSS 0.01156
Exploits 0 · References 7
CNNVD
added 2022/07/14 12:00 a.m. · 4 views

Mealie security vulnerability

Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie v1.0.0beta-2, which stems from a login feature that allows an attacker to enumerate existing usernames by timing the server's response time...

CVSS 5.3 · AI score 5.8 · EPSS 0.00497
Exploits 0 · References 2