
CVE-2023-41935

Published: 2023-09-06 12:08:55
Source: jenkins (www.cve.org)
Tags: jenkins, azure ad plugin, csrf, vulnerability, non-constant time comparison

AI Score: 7.8 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 37.3%)

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant-time comparison when checking whether the provided and expected CSRF protection nonces are equal. Because such a comparison returns as soon as it hits the first differing byte, its run time reveals how long a prefix of the guess matched, potentially allowing attackers to use statistical (timing) methods to obtain a valid nonce.
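The following is an added illustration of the weakness class, not code from the Azure AD plugin (which is Java) or from the Jenkins project. It models the early-exit comparison with a step counter standing in for elapsed time, recovers a constructed nonce byte by byte from that leak, and shows the constant-time replacement (`hmac.compare_digest`; the Java equivalent is `java.security.MessageDigest.isEqual`). The nonce value, the hex alphabet and the `oracle` function are assumptions made for the example.

```python
import hmac
from typing import Callable, Tuple

# Constructed sample nonce; a real CSRF nonce would be random and longer.
EXPECTED_NONCE = b"3f9a"
HEX_ALPHABET = b"0123456789abcdef"


def naive_equals(expected: bytes, provided: bytes) -> Tuple[bool, int]:
    """Vulnerable pattern: byte-by-byte comparison that stops at the first mismatch.

    Returns (equal, steps). 'steps' is the number of bytes inspected and is a
    proxy for the time a real server would spend before answering; it grows
    with the length of the matching prefix, which is the leak.
    """
    if len(expected) != len(provided):
        return False, 0
    steps = 0
    for a, b in zip(expected, provided):
        steps += 1
        if a != b:
            return False, steps
    return True, steps


def constant_time_equals(expected: bytes, provided: bytes) -> bool:
    """Hardened pattern: the comparison always inspects every byte, so the
    run time does not depend on where (or whether) the inputs differ."""
    return hmac.compare_digest(expected, provided)


def recover_nonce(oracle: Callable[[bytes], Tuple[bool, int]], length: int,
                  alphabet: bytes = HEX_ALPHABET) -> bytes:
    """Statistical recovery against the naive oracle (assumed attacker model).

    For each position, try every alphabet byte with the rest of the guess padded
    by a byte outside the alphabet; the candidate that makes the oracle do the
    most work shares the longest prefix with the real nonce and is kept.
    """
    known = b""
    for pos in range(length):
        best_byte, best_steps = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            accepted, steps = oracle(guess)
            if accepted:          # last byte found: the oracle accepted the guess
                return guess
            if steps > best_steps:
                best_byte, best_steps = c, steps
        known += bytes([best_byte])
    return known


def demo() -> bytes:
    """Run the recovery against the vulnerable comparison and return the result."""
    oracle = lambda guess: naive_equals(EXPECTED_NONCE, guess)
    return recover_nonce(oracle, len(EXPECTED_NONCE))


if __name__ == "__main__":
    recovered = demo()
    print("recovered:", recovered, "correct:", recovered == EXPECTED_NONCE)
    # With constant_time_equals there is no per-byte early exit to measure,
    # so the same strategy has nothing to rank candidates by.
    print("constant-time check:", constant_time_equals(EXPECTED_NONCE, recovered))
```

In a real attack the step count is replaced by repeated round-trip timings per candidate, averaged to beat network jitter; the ranking logic is the same. Note that `hmac.compare_digest` (and `MessageDigest.isEqual`) still return early on a length mismatch, so the fix assumes nonces of fixed length or compares a fixed-length digest of each side.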

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Jenkins Azure AD Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThan": "*",
        "status": "unaffected",
        "version": "397.v907382dd9b_98",
        "versionType": "maven"
      },
      {
        "lessThan": "378.*",
        "status": "unaffected",
        "version": "378.380.v545b_1154b_3fb_",
        "versionType": "maven"
      }
    ]
  }
]
