A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. Manipulation of the argument secret leads to an observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
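
The timing discrepancy described above, as an added example that is not code from OSIN or its patch: a secret comparison that stops at the first mismatching byte, beside a constant-time one built on Go's crypto/subtle. The function names and the sample secret are constructed for illustration, and the returned step count stands in for the response time an observer could measure.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// earlyExitEqual models a naive byte-by-byte secret check (hypothetical helper).
// It also returns how many byte comparisons ran; that count grows with the
// length of the correct prefix, which is what a timing observer learns.
func earlyExitEqual(stored, supplied string) (bool, int) {
	if len(stored) != len(supplied) {
		return false, 0
	}
	for i := 0; i < len(stored); i++ {
		if stored[i] != supplied[i] {
			return false, i + 1
		}
	}
	return true, len(stored)
}

// constantTimeEqual hashes both inputs to fixed 32-byte digests and compares
// them with crypto/subtle, so the comparison does not depend on where the
// inputs differ or on the stored secret's length.
func constantTimeEqual(stored, supplied string) bool {
	a := sha256.Sum256([]byte(stored))
	b := sha256.Sum256([]byte(supplied))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

func main() {
	const stored = "s3cr3t-constructed-value" // constructed sample, not a real secret
	guesses := []string{
		strings.Repeat("X", len(stored)),            // no correct prefix
		"s3cr3t" + strings.Repeat("X", len(stored)-6), // six correct leading bytes
		stored, // exact match
	}
	for _, g := range guesses {
		ok, steps := earlyExitEqual(stored, g)
		fmt.Printf("naive: match=%v steps=%d | constant-time: match=%v\n",
			ok, steps, constantTimeEqual(stored, g))
	}
}
```
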
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openshift_container_platform | Redhat | 4.0 (including) | 4.0 (including) |
Openshift_osin | Redhat | 1.0.0 (including) | 1.0.0 (including) |
Openshift_osin | Redhat | 1.0.1 (including) | 1.0.1 (including) |
Red Hat OpenShift Container Platform 4.12 | RedHat | openshift4/ose-oauth-server-rhel8:v4.12.0-202405091536.p0.g0c434f4.assembly.stream.el8 | * |
Red Hat OpenShift Container Platform 4.13 | RedHat | openshift4/ose-oauth-server-rhel8:v4.13.0-202404200313.p0.geb54be2.assembly.stream.el8 | * |
Red Hat OpenShift Container Platform 4.14 | RedHat | openshift4/ose-oauth-server-rhel8:v4.14.0-202310201027.p0.g37df9ff.assembly.stream | * |