CVE-2018-8023: Information Exposure

September 21, 2018 (updated December 20, 2018)

Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos, the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timing attack.

References

nvd.nist.gov/vuln/detail/CVE-2018-8023

Detect and mitigate CVE-2018-8023 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →