The package github.com/runatlantis/atlantis/server/controllers/events prior to 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. It can allow an malicious user to recover this secret as an attacker and then forge webhook events.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runatlantis atlantis |