5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-4294

GHSA ID

GHSA-m7qp-cj9p-gj85

EPSS Score

0.32387%

CWE

CWE-203

Published

12/28/2022

Updated

3/1/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2021-4294

CVE-2021-4294: OpenShift OSIN vulnerable to Observable Timing Discrepancy

A vulnerability was found in OpenShift OSIN. It has been classified as problematic. This affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads to observable timing discrepancy. The name of the patch is 8612686d6dda34ae9ef6b5a974e4b7accb4fea29. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216987.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2021-4294

CVE-2021-4294:

5.9

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2021-4294

GHSA ID

GHSA-m7qp-cj9p-gj85

EPSS Score

0.32387%

CWE

CWE-203

Published

12/28/2022

Updated

3/1/2024

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/openshift/osin	go	< 1.0.2-0.20210113124101-8612686d6dda	1.0.2-0.20210113124101-8612686d6dda

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from using insecure string comparisons in authentication checks. Both functions originally used direct equality checks (==) which have variable execution times depending on input matches. The patch replaced these with crypto/subtle.ConstantTimeCompare to ensure constant-time comparisons. The commit diff clearly shows these functions were modified to address timing vulnerabilities, and the CWE-208 classification directly matches this type of weakness.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.9

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2021-4294: OpenShift OSIN vulnerable to Observable Timing Discrepancy

CVE-2021-4294:

5.9

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

5.9

5.9

CVE-2021-4294: OpenShift OSIN vulnerable to Observable Timing Discrepancy

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI