Observable Discrepancy

CVE-2022-3907

High

7.5/10

Summary

The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-203 - Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

Advisory Timeline

Published Dec 05, 2022

Observable Discrepancy

CVE-2022-3907

Summary

CWE-203 - Observable Discrepancy

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS