Red Hat JBoss EAP: CVE-2022-3143: Observable Discrepancy
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:H/Au:N/C:C/I:C/A:N) | Sep 6, 2022 | Sep 19, 2024 | Jul 2, 2025 |
Description
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places to compare secret values; that method returns as soon as it finds a differing byte, so its running time reveals how much of a guess matches, which makes it vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authenticated user.
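The following Java snippet is an added illustration of the comparator issue described above; it is not code from Wildfly-elytron or from the advisory. It places the unsafe `Arrays.equals` pattern beside the `MessageDigest.isEqual` replacement the description recommends, and adds a hand-written constant-time loop so the difference in behaviour is visible. The token value and the class and method names are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

// Constructed example class; not part of Wildfly-elytron.
public final class SecretCompare {

    // Vulnerable pattern (the one the advisory describes): Arrays.equals stops at the
    // first byte that differs, so a guess that is wrong in byte 0 returns faster than a
    // guess that is wrong only in the last byte. Over many requests that difference is
    // measurable and lets the caller learn the secret one byte at a time.
    static boolean equalsUnsafe(byte[] expected, byte[] provided) {
        return Arrays.equals(expected, provided);
    }

    // Hardened pattern (the advisory's recommendation): MessageDigest.isEqual walks every
    // byte of both arrays when their lengths match, so the time taken does not depend on
    // where the first mismatch is. Only the lengths are still observable, which is why
    // it should be used on fixed-length values such as digests, MACs or tokens.
    static boolean equalsConstantTime(byte[] expected, byte[] provided) {
        return MessageDigest.isEqual(expected, provided);
    }

    // Hand-written equivalent, shown only to make the constant-time idea explicit:
    // OR every byte difference into one accumulator and decide at the end, never early.
    static boolean equalsConstantTimeManual(byte[] a, byte[] b) {
        if (a == null || b == null || a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed secret; in a real service this would be a stored token or MAC.
        byte[] secret = "constructed-example-token-0123".getBytes(StandardCharsets.US_ASCII);

        byte[] correct = secret.clone();
        byte[] wrongFirstByte = secret.clone();
        wrongFirstByte[0] ^= 0x01;                          // differs immediately
        byte[] wrongLastByte = secret.clone();
        wrongLastByte[wrongLastByte.length - 1] ^= 0x01;    // differs only at the end

        byte[][] guesses = { correct, wrongFirstByte, wrongLastByte };
        String[] labels = { "correct", "wrong in byte 0", "wrong in last byte" };

        for (int i = 0; i < guesses.length; i++) {
            System.out.printf("%-20s unsafe=%-5b isEqual=%-5b manual=%b%n",
                    labels[i],
                    equalsUnsafe(secret, guesses[i]),
                    equalsConstantTime(secret, guesses[i]),
                    equalsConstantTimeManual(secret, guesses[i]));
        }
    }
}
```

All three methods return the same boolean for each input; what differs is the work done on the way to a `false`. `Arrays.equals` exits after one byte for the second guess and after all bytes for the third, while the two constant-time variants always touch every byte. When the values being compared can legitimately differ in length, the usual mitigation is to compare fixed-length digests of both sides rather than the raw values, so that the length check in `isEqual` does not itself become a signal.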
Solution
Upgrade Red Hat JBoss EAP to the latest version (see the RHSA errata listed under References).
References
- CWE-203
- CVE-2022-3143
- https://attackerkb.com/topics/CVE-2022-3143
- https://access.redhat.com/security/cve/CVE-2022-3143
- https://bugzilla.redhat.com/show_bug.cgi?id=2124682
- https://access.redhat.com/errata/RHSA-2023:0552
- https://access.redhat.com/errata/RHSA-2023:0553
- https://access.redhat.com/errata/RHSA-2023:0554
- https://access.redhat.com/errata/RHSA-2023:0556