3 matches found
CVE-2023-40343
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...
EUVD-2023-2218
Malicious code in bioql PyPI...
PT-2023-27401 · Jenkins · Jenkins Tuleap Authentication Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Tuleap Authentication Plugin versions 1.1.20 and earlier Description: The issue concerns a non-constant time comparison function used when validating an authentication token, allowing attackers to potentially use statistical methods t...