3 matches found
matrix-server-isenguard (=0.1.1), matrix-synapse-testutils (>=1.65.0.0 <=1.84.1.0) +7 more potentially affected by CVE-2023-32683 via matrix-synapse (>=0.33.9 <=1.84.1)
matrix-synapse · PyPI · versions =0.33.9, =1.65.0.0, =0.1.2, =0.100.2, =0.1.0, =0.1.0, =0.8.0, =0.8.4 · Source CVEs: CVE-2023-32683 · Source advisory: OSV:GHSA-98PX-6486-J7QC...
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Generic Webhook Trigger Plugin 1.84.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook tokens are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. Generic Webhook Trigger Plugin 1.84...
PT-2022-26897 · Jenkins · Jenkins Generic Webhook Trigger Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Generic Webhook Trigger Plugin versions 1.84.1 and earlier. Description: The issue concerns a non-constant time comparison function used when checking the equality of provided and expected webhook tokens. This potentially allows...