Bug 2156871 (CVE-2021-4294)
| Summary: | CVE-2021-4294 osin: manipulation of the argument secret leads to observable timing discrepancy | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dfreiber, jburrell, rogbas, sasakshi, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A vulnerability was found in OpenShift OSIN. This issue affects the ClientSecretMatches/CheckClientSecret function, where the manipulation of the argument secret leads to an observable timing discrepancy.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2156872 | ||
|
Description
Avinash Hanwate
2022-12-29 04:28:16 UTC
Hi Team, The customer is using openshift Version 4.10.20 and is affected by this vulnerability and wants to know when this will be fixed. Thanks Sakshi This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2047 https://access.redhat.com/errata/RHSA-2024:2047 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:2782 https://access.redhat.com/errata/RHSA-2024:2782 |