Lucene search
Veracode Vulnerability DatabaseVERACODE:16900HistoryMay 02, 2019 - 5:29 a.m.
Timing Attack
2019-05-0205:29:28
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
EPSS
0.007
Percentile
80.6%
jenkins is vulnerable to timing attack. A remote attacker is able to bypass CSRF protection mechanism through a brute-force approach of analyzing server response time to guess the value of CSRF tokens. This is due to the verification of the CSRF tokens not being performed using a constant-time algorithm.
References
rhn.redhat.com/errata/RHSA-2016-1773.html
access.redhat.com/errata/RHSA-2016:0711
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1324664
jenkins.io/changelog-stable/#v1.642.2
rhn.redhat.com/errata/RHSA-2016-0711.html
wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
Related
cve
cve
CVE-2016-0791
2016-04-07 23:59:02
osv
osv
Exposure of Sensitive Information in Jenkins Core
2022-05-14 03:58:15
prion
prion
Cross site request forgery (csrf)
2016-04-07 23:59:00
ubuntucve
ubuntucve
CVE-2016-0791
2016-04-07 00:00:00
nvd
nvd
CVE-2016-0791
2016-04-07 23:59:02
github
github
Exposure of Sensitive Information in Jenkins Core
2022-05-14 03:58:15
cvelist
cvelist
CVE-2016-0791
2016-04-07 23:00:00
freebsd
freebsd
jenkins -- multiple vulnerabilities
2016-02-24 00:00:00
nessus
nessus
openvas
openvas
Fedora Update for jenkins FEDORA-2016-0
2016-03-18 00:00:00
Jenkins Multiple Vulnerabilities (Feb 2016) - Windows
2016-05-20 00:00:00
Fedora Update for jenkins-remoting FEDORA-2016-641
2016-03-18 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: jenkins-remoting-2.53.3-1.fc23
2016-03-17 21:00:40
[SECURITY] Fedora 23 Update: jenkins-1.625.3-3.fc23
2016-03-17 21:00:40
[SECURITY] Fedora 22 Update: jenkins-1.609.3-6.fc22
2016-03-17 21:25:57
redhat
redhat