{"id":"CVE-2022-3143","details":"wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places; this comparison is not constant-time (it can return as soon as a mismatch is found), which makes it vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authenticated user.","aliases":["GHSA-jmj6-p2j9-68cp"],"modified":"2026-04-10T04:47:53.723037Z","published":"2023-01-13T06:15:11.080Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2022-3143"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wildfly-security/wildfly-elytron","events":[{"introduced":"0"},{"last_affected":"be47dedc17c4bb8b7f4e8bdc7659196bc7c24745"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.15.15"}]}}],"versions":["1.0.0.Alpha1","1.0.0.Alpha2","1.0.0.Alpha3","1.1.0.Alpha1","1.1.0.Beta1","1.1.0.Beta10","1.1.0.Beta11","1.1.0.Beta12","1.1.0.Beta13","1.1.0.Beta14","1.1.0.Beta15","1.1.0.Beta16","1.1.0.Beta17","1.1.0.Beta18","1.1.0.Beta19","1.1.0.Beta2","1.1.0.Beta20","1.1.0.Beta21","1.1.0.Beta22","1.1.0.Beta23","1.1.0.Beta24","1.1.0.Beta25","1.1.0.Beta26","1.1.0.Beta27","1.1.0.Beta28","1.1.0.Beta29","1.1.0.Beta3","1.1.0.Beta30","1.1.0.Beta31","1.1.0.Beta32","1.1.0.Beta33","1.1.0.Beta34","1.1.0.Beta35","1.1.0.Beta36","1.1.0.Beta37","1.1.0.Beta38","1.1.0.Beta39","1.1.0.Beta4","1.1.0.Beta40","1.1.0.Beta41","1.1.0.Beta42","1.1.0.Beta43","1.1.0.Beta44","1.1.0.Beta45","1.1.0.Beta46","1.1.0.Beta47","1.1.0.Beta48","1.1.0.Beta49","1.1.0.Beta5","1.1.0.Beta50","1.1.0.Beta51","1.1.0.Beta53","1.1.0.Beta54","1.1.0.Beta55","1.1.0.Beta6","1.1.0.Beta7","1.1.0.Beta8","1.1.0.Beta9","1.1.0.CR1","1.1.0.CR2","1.1.0.CR3","1.10.0.CR1","1.10.0.CR2","1.10.0.CR3","1.10.0.CR4","1.10.0.CR5","1.10.0.CR6","1.10.0.Final","1.10.1.Final","1.10.2.Final","1.10.3.Final","1.11.0.CR1","1.11.0.CR2","1.11.0.CR3","1.11.0.C
R4","1.11.0.CR5","1.11.0.Final","1.11.1.Final","1.11.2.Final","1.11.3.Final","1.11.4.Final","1.12.0.CR1","1.12.0.CR2","1.12.0.CR3","1.12.0.Final","1.12.1.Final","1.13.0.CR1","1.13.0.CR2","1.13.0.CR3","1.13.0.CR4","1.13.0.Final","1.13.1.Final","1.13.2.Final","1.14.0.Final","1.14.1.Final","1.14.2.Final","1.15.0.CR1","1.15.0.Final","1.15.1.Final","1.15.10.Final","1.15.11.Final","1.15.12.Final","1.15.13.Final","1.15.14.Final","1.15.15.Final","1.15.2.Final","1.15.3.Final","1.15.4.Final","1.15.5.Final","1.15.6.Final","1.15.7.Final","1.15.8.Final","1.15.9.Final","1.2.0.Beta1","1.2.0.Beta10","1.2.0.Beta11","1.2.0.Beta12","1.2.0.Beta2","1.2.0.Beta3","1.2.0.Beta4","1.2.0.Beta5","1.2.0.Beta6","1.2.0.Beta7","1.2.0.Beta8","1.2.0.Beta9","1.2.0.Final","1.3.0.Final","1.4.0.Final","1.5.0.Final","1.5.1.Final","1.5.2.Final","1.5.3.Final","1.5.4.Final","1.5.5.Final","1.6.0.Final","1.7.0.CR1","1.7.0.CR2","1.7.0.CR3","1.7.0.Final","1.9.0.CR3","1.9.0.CR4","1.9.0.CR5","1.9.0.Final","1.9.1.Final"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3143.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}