Lucene search
K

76 matches found

Prion
Prion
added 2023/10/25 6:17 p.m.23 views

Information disclosure

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5CVSS5.1AI score0.00569EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/25 1:45 p.m.16 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.9AI score0.00462EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/10/25 1:45 p.m.23 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.9AI score0.00462EPSS
Exploits0References2
CVE
CVE
added 2023/10/25 1:45 p.m.52 views

CVE-2023-46660

Summary: CVE-2023-46660 affects Jenkins Zanata Plugin prior to 0.7 (0.6 and earlier) and is due to a non-constant time comparison when verifying webhook token hashes. This vulnerable check could enable attackers to use statistical methods to obtain a valid webhook token, as stated in multiple sou...

5.3CVSS5.1AI score0.00462EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/10/25 1:45 p.m.72 views

CVE-2023-46657

The CVE concerns Jenkins Gogs Plugin

5.3CVSS5.1AI score0.00569EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/25 1:45 p.m.35 views

CVE-2023-46657

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.9AI score0.00569EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/10/25 1:45 p.m.14 views

CVE-2023-46657

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.9AI score0.00569EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.3 views

Jenkins Plugin MSTeams Webhook Trigger Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.6AI score0.00569EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.4 views

Jenkins Plugin Zanata Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.6AI score0.00462EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.6 views

PT-2023-30147 · Jenkins · Jenkins Zanata Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Zanata Plugin versions 0.6 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal. This potentially allows...

5.3CVSS4.9AI score0.00462EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.4 views

Jenkins Plugin Gogs Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS6.6AI score0.00569EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.5 views

PT-2023-6545 · Jenkins · Jenkins Msteams Webhook Trigger Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier Description: The issue is related to information disclosure. It may allow a remote attacker to gain unauthorized access to protected information. The problem lies in the...

5.3CVSS5.1AI score0.00569EPSS
Exploits0References10
Veracode
Veracode
added 2023/08/06 7:57 p.m.16 views

Improper Access Control

gitlab is vulnerable to Improper Access Control. The vulnerability allows a project export leak the external webhook token value which allows a attacker to access to the projects...

5.3CVSS6.7AI score0.01245EPSS
Exploits0References4Affected Software1
FreeBSD
FreeBSD
added 2023/06/29 12:0 a.m.42 views

Gitlab -- Vulnerabilities

Gitlab reports: ReDoS via EpicReferenceFilter in any Markdown fields New commits to private projects visible in forks created while project was public New commits to private projects visible in forks created while project was public Maintainer can leak masked webhook secrets by manipulating URL...

7.5CVSS7.1AI score0.00905EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2022/11/30 12:0 a.m.30 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: DAST API scanner exposes Authorization headers in vulnerabilities Group IP allow-list not fully respected by the Package Registry Deploy keys and tokens may bypass External Authorization service if it is enabled Repository import still allows to import 40 hexadecimal branches...

9.3CVSS0.5AI score0.01074EPSS
Exploits9References1
Github Security Blog
Github Security Blog
added 2022/10/19 7:0 p.m.37 views

Non-constant time webhook token comparison in Jenkins GitLab Plugin

GitLab Plugin 1.5.35 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. GitLab Plugin 1.5.36 uses a constant-time comparison...

5.3CVSS5.5AI score0.00655EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/10/19 4:15 p.m.24 views

Code injection

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5CVSS5AI score0.00655EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/19 12:0 a.m.95 views

CVE-2022-43411

CVE-2022-43411 affects Jenkins GitLab Plugin (versions ≤ 1.5.35). The webhook token check uses a non-constant-time comparison, enabling potential timing-based…statistical attacks to deduce a valid token. The issue is fixed in GitLab Plugin 1.5.36, which adopts a constant-time comparison. Other co...

5.3CVSS5AI score0.00655EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.8 views

Jenkins Plugin GitLab 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

5.3CVSS5.8AI score0.00655EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/10/19 12:0 a.m.10 views

CVE-2022-43411

Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.8AI score0.00655EPSS
Exploits0References2
Rows per page
Query Builder