2 matches found
CVE-2022-24912 Timing Attack
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an...
OpenSSL: out-of-bounds read in X509_cmp_time
An out-of-bounds read flaw was found in the X509cmptime function of OpenSSL, which is used to test the expiry dates of SSL/TLS certificates. An attacker could possibly use a specially crafted SSL/TLS certificate or CRL Certificate Revocation List, which when parsed by an application would cause...