CVE-2022-36885
CVE-2022-36885 affects Jenkins GitHub Plugin 1.34.4 and earlier. The vulnerability arises from a non-constant time comparison when verifying webhook signatures, enabling attackers to use statistical methods to forge a valid webhook signature. Impact is limited to systems using the vulnerable plug...