You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.
See doc/triage.md for instructions on how to triage this report.
module: std
package: Path is unknown
description: |+
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.
cves:
- CVE-2022-24912
credit: cedws
links:
commit: https://github.com/runatlantis/atlantis/commit/48870911974adddaa4c99c8089e79b7d787fa820
context:
- https://github.com/runatlantis/atlantis/issues/2391
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUNATLANTISATLANTISSERVERCONTROLLERSEVENTS-2950851
The text was updated successfully, but these errors were encountered:
CVE-2022-24912 references [Path is unknown](https://Path is unknown), which may be a Go module.
Description:
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.
Links:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: