blob: 2edc572c1c2fee844098cb4fddf3daa978d40306 [file] [log] [blame]
id: GO-2022-1201
modules:
- module: github.com/openshift/osin
versions:
- fixed: 1.0.2-0.20210113124101-8612686d6dda
vulnerable_at: 1.0.1
packages:
- package: github.com/openshift/osin
symbols:
- DefaultClient.ClientSecretMatches
- CheckClientSecret
derived_symbols:
- Server.HandleAccessRequest
- Server.HandleAuthorizeRequest
summary: Timing attack in github.com/openshift/osin
description: |-
Client secret checks are vulnerable to timing attacks, which could permit an
attacker to determine client secrets.
cves:
- CVE-2021-4294
ghsas:
- GHSA-m7qp-cj9p-gj85
references:
- fix: https://github.com/openshift/osin/pull/200
- fix: https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29
review_status: REVIEWED