Using the same random jitter for multiple rate limits allows an attacker to use one rate limiter to figure out the current jitter and then use this knowledge to de-randomize the other rate limiters.
This can be mitigated by using a separate randomized jitter for each rate limiter.
This issue was reported in Keyu Man et al.: "SCAD: Towards a Universal and Automated Network Side-Channel Vulnerability Detection".
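
The effect described in the summary above, as an added illustration (not code from the FreeBSD change itself): two rate limiters draw their per-interval jitter either from one shared value or from separate values, and the program counts how often the jitter visible on one limiter also describes the other. The names `NLIMITERS`, `BASE_LIMIT`, `JITTER_MAX` and the small deterministic PRNG are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define NLIMITERS 2      /* hypothetical: two independent response classes */
#define BASE_LIMIT 200   /* constructed base limit per interval */
#define JITTER_MAX 16    /* constructed jitter range: 0..JITTER_MAX-1 */

/* Deterministic stand-in PRNG so the example is reproducible; a real
 * implementation would draw from a CSPRNG such as arc4random(). */
static uint32_t prng_state = 0x9e3779b9u;
static uint32_t prng_next(void)
{
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    return prng_state;
}

/* Fill in the effective limit of every limiter for one interval. */
static void new_interval(uint32_t limit[NLIMITERS], int per_limiter)
{
    uint32_t shared = prng_next() % JITTER_MAX;
    for (int i = 0; i < NLIMITERS; i++)
        limit[i] = BASE_LIMIT +
            (per_limiter ? prng_next() % JITTER_MAX : shared);
}

/* Count intervals in which the jitter seen on limiter 0 also
 * describes limiter 1, i.e. observing one reveals the other. */
int correlated_intervals(int per_limiter, int intervals)
{
    uint32_t limit[NLIMITERS];
    int hits = 0;
    for (int n = 0; n < intervals; n++) {
        new_interval(limit, per_limiter);
        uint32_t seen = limit[0] - BASE_LIMIT; /* jitter learned from 0 */
        if (BASE_LIMIT + seen == limit[1])
            hits++;
    }
    return hits;
}

int main(void)
{
    printf("shared jitter:      %d/1000\n", correlated_intervals(0, 1000));
    printf("per-limiter jitter: %d/1000\n", correlated_intervals(1, 1000));
    return 0;
}
```

With shared jitter every interval is correlated; with per-limiter jitter only chance matches remain, roughly one in `JITTER_MAX`.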
Diff Detail
- Repository: rG FreeBSD src repository
- Lint: Skipped
- Unit Tests: Skipped