CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

PT-2023-6546 · Jenkins · Jenkins Multibranch Scan Webhook Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier Description: The issue is related to information disclosure. It potentially allows a remote attacker to gain unauthorized access to protected information. The problem...