A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987. https://vuldb.com/?id.216987 https://github.com/openshift/osin/commit/8612686d6dda34ae9ef6b5a974e4b7accb4fea29 https://github.com/openshift/osin/pull/200 https://vuldb.com/?ctiid.216987
Hi Team, The customer is using openshift Version 4.10.20 and is affected by this vulnerability and wants to know when this will be fixed. Thanks Sakshi
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2023:5006 https://access.redhat.com/errata/RHSA-2023:5006
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2047 https://access.redhat.com/errata/RHSA-2024:2047
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:2782 https://access.redhat.com/errata/RHSA-2024:2782