7.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-3143

GHSA ID

GHSA-jmj6-p2j9-68cp

EPSS Score

0.39392%

CWE

CWE-203

Published

1/13/2023

Updated

1/25/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-3143

CVE-2022-3143: Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user.

(GitHub Advisory)

7.4

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-3143

GHSA ID

GHSA-jmj6-p2j9-68cp

EPSS Score

0.39392%

CWE

CWE-203

Published

1/13/2023

Updated

1/25/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.wildfly.security:wildfly-elytron	maven	< 1.15.15.Final	1.15.15.Final
org.wildfly.security:wildfly-elytron	maven	>= 1.16.0.CR1, < 1.20.3.Final	1.20.3.Final

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

wil**ly-*lytron: possi*l* timin* *tt**ks vi* us* o* uns*** *omp*r*tor. * *l*w w*s *oun* in Wil**ly-*lytron. Wil**ly-*lytron us*s `j*v*.util.*rr*ys.*qu*ls` in s*v*r*l pl***s, w*i** is uns*** *n* vuln*r**l* to timin* *tt**ks. To *omp*r* v*lu*s s**ur*ly

Reasoning

No *n*lysis *v*il**l*

7.4

Basic Information

Concerned about an active attack path?

CVE-2022-3143: Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator

7.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI