5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-4294

GHSA ID

GHSA-m7qp-cj9p-gj85

EPSS Score

0.32387%

CWE

CWE-203

Published

12/28/2022

Updated

3/1/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-4294

CVE-2021-4294: OpenShift OSIN vulnerable to Observable Timing Discrepancy

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.

(GitHub Advisory)

5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2021-4294

GHSA ID

GHSA-m7qp-cj9p-gj85

EPSS Score

0.32387%

CWE

CWE-203

Published

12/28/2022

Updated

3/1/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/openshift/osin	go	< 1.0.2-0.20210113124101-8612686d6dda	1.0.2-0.20210113124101-8612686d6dda

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from using insecure string comparisons in authentication checks. Both functions originally used direct equality checks (==) which have variable execution times depending on input matches. The patch replaced these with crypto/subtle.ConstantTimeCompare to ensure constant-time comparisons. The commit diff clearly shows these functions were modified to address timing vulnerabilities, and the CWE-208 classification directly matches this type of weakness.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in Op*nS*i*t OSIN. It **s ***n *l*ssi*i** *s pro*l*m*ti*. T*is *****ts t** *un*tion `*li*ntS**r*tM*t***s/****k*li*ntS**r*t`. T** m*nipul*tion o* t** *r*um*nt s**r*t l***s to o*s*rv**l* timin* *is*r*p*n*y. T** n*m* o* t** p*t

Reasoning

T** vuln*r**ility st*ms *rom usin* ins**ur* strin* *omp*risons in *ut**nti**tion ****ks. *ot* *un*tions ori*in*lly us** *ir**t *qu*lity ****ks (==) w*i** **v* v*ri**l* *x**ution tim*s **p*n*in* on input m*t***s. T** p*t** r*pl**** t**s* wit* *rypto/s

5.9

Basic Information

Concerned about an active attack path?

CVE-2021-4294: OpenShift OSIN vulnerable to Observable Timing Discrepancy

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI