2 matches found
jenkins: REST APIs vulnerable to clickjacking
REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earlier were vulnerable to clickjacking attacks...
jenkins: Non-constant time comparison of inbound TCP agent connection secret
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret...