CVE-2022-24912

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:runatlantis:atlantis:*:*:*:*:*:*:*:*

Information

Published : 2022-07-29 03:15

Updated : 2022-08-08 10:40


NVD link : CVE-2022-24912

Mitre link : CVE-2022-24912


JSON object : View

CWE
CWE-203

Observable Discrepancy

Advertisement

dedicated server usa

Products Affected

runatlantis

  • atlantis