CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
AI Score
Confidence
Low
EPSS
Percentile
37.2%
github.com/cubefs/cubefs is vulnerability to Timing Attack. The vulnerability is due to raw string comparisons within the CubeFS master component. This allow an attacker to steal user passwords by observing the timing between password attempts.