github.com/runatlantis/atlantis is vulnerable to information disclosure. The vulnerability exists in the ParseAndValidate function in gitlab_request_parser_validator.go: the webhook event is not validated with a constant-time comparison, which allows an attacker to recover the secret and gain access to webhook events.

Name | Operator | Version |
---|---|---|
github.com/runatlantis/atlantis | le | v0.19.7-pre.20220713 |
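
The class of flaw described above, shown as an added example that is not Atlantis's own code: an ordinary string comparison of the webhook token beside a constant-time check. The function names, the sample secret and the URL are constructed for illustration; `X-Gitlab-Token` is the header GitLab uses to send the webhook secret.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
)

// Header in which GitLab sends the configured webhook secret token.
const gitlabTokenHeader = "X-Gitlab-Token"

// insecureTokenMatch (hypothetical) shows the flawed pattern: == on strings is
// not guaranteed to take the same time regardless of where the inputs differ.
func insecureTokenMatch(r *http.Request, secret []byte) bool {
	return r.Header.Get(gitlabTokenHeader) == string(secret)
}

// secureTokenMatch (hypothetical) hashes both values to fixed-length digests
// and compares those in constant time. Hashing first sidesteps
// ConstantTimeCompare's immediate return when the input lengths differ.
func secureTokenMatch(r *http.Request, secret []byte) bool {
	if len(secret) == 0 {
		return false // assumption of this example: fail closed without a secret
	}
	got := sha256.Sum256([]byte(r.Header.Get(gitlabTokenHeader)))
	want := sha256.Sum256(secret)
	return subtle.ConstantTimeCompare(got[:], want[:]) == 1
}

// newRequest builds a constructed webhook request carrying the given token.
func newRequest(token string) *http.Request {
	r, _ := http.NewRequest(http.MethodPost, "http://atlantis.example/events", nil)
	if token != "" {
		r.Header.Set(gitlabTokenHeader, token)
	}
	return r
}

func main() {
	secret := []byte("constructed-sample-secret")
	for _, tok := range []string{"constructed-sample-secret", "constructed-sample-secreX", "short", ""} {
		fmt.Printf("%q accepted=%v\n", tok, secureTokenMatch(newRequest(tok), secret))
	}
}
```

Both functions return the same accept/reject result for a non-empty secret; the difference is only in how much the comparison's running time reveals about a rejected token.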