Description

The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead.

Remediation

References

https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43%40%3Cusers.tapestry.apache.org%3E

https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460%40%3Cusers.tapestry.apache.org%3E

https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c%40%3Cusers.tapestry.apache.org%3E

https://lists.apache.org/thread.html/r7d9c54beb1dc97dcccc58d9b5d31f0f7166f9a25ad1beba5f8091e0c%40%3Ccommits.tapestry.apache.org%3E

https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843%40%3Ccommits.tapestry.apache.org%3E

Related Vulnerabilities

CVE-2023-40343 Vulnerability in maven package io.jenkins.plugins:tuleap-oauth

CVE-2020-1926 Vulnerability in maven package org.apache.hive:hive-service

CVE-2022-3143 Vulnerability in maven package org.wildfly.security:wildfly-elytron-credential

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on

CVE-2020-26939 Vulnerability in maven package org.bouncycastle:bcprov-ext-jdk15to18

Severity

Critical

Classification

CWE-203 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H