Red Hat JBoss EAP: CVE-2022-3143: Observable Discrepancy
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:N) | Sep 6, 2022 | Sep 19, 2024 | Mar 25, 2026 |
Description
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authenticated user.
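The difference between the two comparators is that java.util.Arrays.equals returns at the first byte that differs, so how long the call takes depends on how many leading bytes of an attacker-supplied value match the secret, whereas java.security.MessageDigest.isEqual examines every byte when the lengths match. The following is an added example written for this page, not Wildfly-elytron or Red Hat code: a small HMAC-based token check that shows the vulnerable pattern next to the fixed one. The class name TokenVerifier, the HMAC-SHA256 construction, the demo key and the token body are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example, not Wildfly-elytron code: verifies an HMAC tag on a token body
// two ways, to contrast the comparator the CVE describes with the recommended one.
public final class TokenVerifier {

    private final byte[] key;

    public TokenVerifier(byte[] key) {
        this.key = key.clone();
    }

    // Computes HMAC-SHA256 over the token body with the server-side secret.
    byte[] expectedTag(byte[] body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(body);
    }

    // VULNERABLE (the pattern behind CVE-2022-3143): Arrays.equals stops at the
    // first mismatching byte, so the elapsed time depends on how many leading
    // bytes of the presented tag are correct. Shown only to make the pattern
    // recognisable during code review.
    public boolean verifyUnsafe(byte[] body, byte[] presentedTag) throws Exception {
        return Arrays.equals(expectedTag(body), presentedTag);
    }

    // FIXED: MessageDigest.isEqual compares all bytes regardless of where the
    // first difference is, so timing does not reveal the position of a mismatch.
    // It still returns early when the lengths differ, which only reveals the
    // expected tag length, not its content.
    public boolean verify(byte[] body, byte[] presentedTag) throws Exception {
        return MessageDigest.isEqual(expectedTag(body), presentedTag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and token body for the demo; not real secrets.
        byte[] key = "demo-key-not-a-real-secret".getBytes(StandardCharsets.UTF_8);
        byte[] body = "user=alice;exp=1700000000".getBytes(StandardCharsets.UTF_8);
        TokenVerifier v = new TokenVerifier(key);

        byte[] good = v.expectedTag(body);
        byte[] tampered = good.clone();
        tampered[tampered.length - 1] ^= 0x01;  // flip one bit in the last byte

        System.out.println("valid tag accepted:    " + v.verify(body, good));
        System.out.println("tampered tag rejected: " + v.verify(body, tampered));
    }
}
```

When auditing a code base for this class of issue, the practical check is to search for Arrays.equals (and String.equals) on any path that compares a MAC, password hash, session token or other secret against caller-supplied input, and replace those calls with MessageDigest.isEqual; both methods accept byte arrays, so the substitution does not change the surrounding code.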
Solution
Upgrade Red Hat JBoss EAP to the latest release (solution id: red-hat-jboss-eap-upgrade-latest); the fixed builds are published in the RHSA errata listed under References.
References
- CWE-203
- CVE-2022-3143
- https://attackerkb.com/topics/CVE-2022-3143
- https://access.redhat.com/security/cve/CVE-2022-3143
- https://bugzilla.redhat.com/show_bug.cgi?id=2124682
- https://access.redhat.com/errata/RHSA-2023:0552
- https://access.redhat.com/errata/RHSA-2023:0553
- https://access.redhat.com/errata/RHSA-2023:0554
- https://access.redhat.com/errata/RHSA-2023:0556
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0497