CVE-2022-24912
Description
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an attacker to recover this secret as an attacker and then forge webhook events.
References
ExploitIssue TrackingPatchThird Party Advisory
ExploitIssue TrackingThird Party Advisory
PatchThird Party Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Could not find any metrics