Vulnerability Description
A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to an observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
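To illustrate the weakness class described above, the following added example (not OSIN's code and not the referenced patch) contrasts an early-exit secret comparison with a constant-time one. The function names `naiveMatch` and `constantTimeMatch` and the sample secret are hypothetical and constructed for this illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// naiveMatch (hypothetical) behaves like an early-exit comparison such as ==.
// It also returns how many bytes it examined, which makes the data-dependent
// amount of work visible without relying on a timer.
func naiveMatch(stored, supplied string) (bool, int) {
	if len(stored) != len(supplied) {
		return false, 0 // length mismatch is detected before any byte is read
	}
	for i := 0; i < len(stored); i++ {
		if stored[i] != supplied[i] {
			return false, i + 1 // stops at the first differing byte
		}
	}
	return true, len(stored)
}

// constantTimeMatch (hypothetical) hashes both values to fixed-length digests
// and compares those with crypto/subtle. ConstantTimeCompare returns early on
// a length mismatch, so hashing first keeps the compared lengths equal and the
// work independent of where the inputs differ.
func constantTimeMatch(stored, supplied string) bool {
	a := sha256.Sum256([]byte(stored))
	b := sha256.Sum256([]byte(supplied))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

func main() {
	stored := "s3cr3t-constructed-value" // constructed sample secret
	samples := []string{
		strings.Repeat("x", len(stored)),              // no matching prefix
		"s3cr3t-" + strings.Repeat("x", len(stored)-7), // 7-byte matching prefix
		stored, // exact match
	}
	for _, s := range samples {
		ok, examined := naiveMatch(stored, s)
		fmt.Printf("%q naive=%v bytesExamined=%d constantTime=%v\n",
			s, ok, examined, constantTimeMatch(stored, s))
	}
}
```

The byte count returned by `naiveMatch` grows with the length of the matching prefix, which is the data-dependent behaviour a timing discrepancy exposes; `constantTimeMatch` does the same work for every input.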
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Openshift Osin | 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea2 (Patch)
- https://github.com/openshift/osin/pull/200 (Issue Tracking)
- https://vuldb.com/?ctiid.216987 (Permissions Required)
- https://vuldb.com/?id.216987 (Permissions Required)
FAQ
What is CVE-2021-4294?
CVE-2021-4294 is a vulnerability with a CVSS score of 2.6 (LOW). A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to ob...
How severe is CVE-2021-4294?
CVE-2021-4294 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-4294?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openshift Container Platform, Redhat Openshift Osin.