Lucene search
+L

10 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-2693

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00462EPSS
Exploits0References4
osv
osv
added 2023/10/25 6:32 p.m.37 views

GHSA-86J9-25M2-9W97 Non-constant time webhook token hash comparison in Jenkins Zanata Plugin

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...

3.7CVSS5.5AI score0.00462EPSS
Exploits0References4
github
github
added 2023/10/25 6:32 p.m.23 views

Non-constant time webhook token hash comparison in Jenkins Zanata Plugin

Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...

5.3CVSS5.2AI score0.00462EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2023/10/25 6:17 p.m.33 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS6AI score0.00462EPSS
Exploits0References2
osv
osv
added 2023/10/25 6:17 p.m.4 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.3CVSS5.8AI score0.00462EPSS
Exploits0References2
prion
prion
added 2023/10/25 6:17 p.m.26 views

Code injection

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5CVSS5.1AI score0.00462EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/10/25 1:45 p.m.16 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

6.9AI score0.00462EPSS
Exploits0References2
cve
cve
added 2023/10/25 1:45 p.m.55 views

CVE-2023-46660

Summary: CVE-2023-46660 affects Jenkins Zanata Plugin prior to 0.7 (0.6 and earlier) and is due to a non-constant time comparison when verifying webhook token hashes. This vulnerable check could enable attackers to use statistical methods to obtain a valid webhook token, as stated in multiple sou...

5.3CVSS5.1AI score0.00462EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/10/25 1:45 p.m.26 views

CVE-2023-46660

Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

5.9AI score0.00462EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/10/25 12:0 a.m.6 views

PT-2023-30147 · Jenkins · Jenkins Zanata Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Zanata Plugin versions 0.6 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal. This potentially allows...

5.3CVSS4.9AI score0.00462EPSS
Exploits0References6
Rows per page
Query Builder