10 matches found
EUVD-2023-2693
Malicious code in bioql PyPI...
GHSA-86J9-25M2-9W97 Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Jenkins Zanata Plugin 0.6 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token hashes are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, ther...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Code injection
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Summary: CVE-2023-46660 affects Jenkins Zanata Plugin prior to 0.7 (0.6 and earlier) and is due to a non-constant time comparison when verifying webhook token hashes. This vulnerable check could enable attackers to use statistical methods to obtain a valid webhook token, as stated in multiple sou...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
PT-2023-30147 · Jenkins · Jenkins Zanata Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Zanata Plugin versions 0.6 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal. This potentially allows...