VULNRICHMENT:CVE-2023-46657
Oct 25, 2023 - 1:45 p.m.

CVE-2023-46657

2023-10-25 13:45:57
jenkins
github.com
1
cve-2023-46657
jenkins gogs plugin
non-constant time comparison
webhook token
statistical methods

AI Score: 6.9 (Confidence: High)

EPSS: 0.001 (Percentile: 20.2%)

SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
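
The difference between an early-exit comparison and a constant-time one, as an added example (this is not the plugin's code or its fix; the class name, method names and sample tokens are hypothetical and constructed for illustration):

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical class and method names; not taken from the Gogs plugin source.
public class WebhookTokenCheck {

    // Weak form: String.equals stops at the first differing character, so the
    // time taken depends on how long a prefix of the expected token matched.
    static boolean variableTimeEquals(String provided, String expected) {
        return provided != null && provided.equals(expected);
    }

    // Hardened form: hash both values to a fixed 32 bytes, then compare with
    // MessageDigest.isEqual, which does not return early on a mismatch.
    // Hashing first also keeps the token length out of the comparison.
    static boolean constantTimeEquals(String provided, String expected) {
        if (provided == null || expected == null) {
            return false; // missing token or unconfigured secret: reject
        }
        return MessageDigest.isEqual(sha256(provided), sha256(expected));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is required on every Java platform implementation.
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        String expected = "constructed-sample-token-0123456789"; // constructed value
        String[] candidates = {
            expected,                                  // exact match
            "constructed-sample-token-0123456780",     // differs in last char
            "Xonstructed-sample-token-0123456789",     // differs in first char
            "short",                                   // different length
            null                                       // header absent
        };
        for (String c : candidates) {
            // Both checks must agree on the verdict; only their timing differs.
            System.out.printf("%-40s weak=%b hardened=%b%n",
                    c, variableTimeEquals(c, expected), constantTimeEquals(c, expected));
        }
    }
}
```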
