CVE-2021-4294 - Information Exposure Through Discrepancy vulnerability in Redhat Openshift Container Platform and Openshift Osin

CVSS 5.9 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE

Tags: network, high complexity, redhat, CWE-203

Summary

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. Manipulation of the argument secret leads to an observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply the patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.
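
The weakness class named in the summary (CWE-203, a timing discrepancy in a client-secret check), shown as an added Go example that is not OSIN's code or its patch. The function names and the sample secret are hypothetical, and hashing both values before `subtle.ConstantTimeCompare` is one common mitigation, assumed here rather than taken from the patch.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// earlyExitCompare (hypothetical name) models a plain equality check: it
// stops at the first differing byte and reports how many bytes it examined.
// That count is the data-dependent work that shows up as response time.
func earlyExitCompare(stored, supplied string) (match bool, examined int) {
	if len(stored) != len(supplied) {
		return false, 0
	}
	for i := 0; i < len(stored); i++ {
		examined++
		if stored[i] != supplied[i] {
			return false, examined
		}
	}
	return true, examined
}

// constantTimeSecretMatches (hypothetical name) hashes both values to 32
// bytes, because ConstantTimeCompare returns at once when lengths differ,
// then compares every byte with no early exit.
func constantTimeSecretMatches(stored, supplied string) bool {
	a := sha256.Sum256([]byte(stored))
	b := sha256.Sum256([]byte(supplied))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

func main() {
	const stored = "s3cr3t-constructed-value" // constructed sample, 24 bytes
	guesses := []string{
		strings.Repeat("X", 24),             // no matching prefix
		"s3cr3t-" + strings.Repeat("X", 17), // 7-byte matching prefix
		stored,
	}
	for _, g := range guesses {
		_, n := earlyExitCompare(stored, g)
		fmt.Printf("examined=%2d constantTime=%v\n", n, constantTimeSecretMatches(stored, g))
	}
}
```

The early-exit version examines more bytes as the matching prefix grows, which is the observable discrepancy; the hashed comparison does the same amount of comparison work for every input.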

Vulnerable Configurations

Part          Description   Count
Application   Redhat        3

Common Weakness Enumeration (CWE)