Security Advisory

CVE-2022-24912

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-07-29 10:00:15

Last updated 2024-09-17 02:53:19

Assigner snyk

State PUBLISHED

Description

The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.

← Browse all CVEs View on cve.org ↗