3496 matches found
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Information disclosure
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Code injection
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Code injection
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Summary: CVE-2023-46660 affects Jenkins Zanata Plugin prior to 0.7 (0.6 and earlier) and is due to a non-constant time comparison when verifying webhook token hashes. This vulnerable check could enable attackers to use statistical methods to obtain a valid webhook token, as stated in multiple sou...
CVE-2023-46658
CVE-2023-46658 affects Jenkins MSTeams Webhook Trigger Plugin (versions 0.1.1 and earlier). The root cause is a non-constant time comparison when verifying the webhook token, which could enable attackers to use statistical methods to deduce a valid token. Public references (GHSA/NVD) describe the...
CVE-2023-46657
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46657
The CVE concerns Jenkins Gogs Plugin
CVE-2023-46656
CVE-2023-46656 affects Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier. The root cause is a non-constant time comparison when verifying the webhook token, which can enable attackers to use statistical methods to determine a valid token. Public references (including Red ...
CVE-2023-46656
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
PT-2023-30147 · Jenkins · Jenkins Zanata Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Zanata Plugin versions 0.6 and earlier
Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal. This potentially allows...
Jenkins Plugin Gogs Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin Zanata Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Jenkins Plugin MSTeams Webhook Trigger Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...