Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vulnrichmentJenkinsVULNRICHMENT:CVE-2024-23903
HistoryJan 24, 2024 - 5:52 p.m.

CVE-2024-23903

2024-01-2417:52:26
jenkins
github.com
2
jenkins
gitlab
branch source plugin
non-constant time comparison
vulnerability
webhook token

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Related

prion 1
github 1
cvelist 1
osv 1
nvd 1
cve 1
alpinelinux 1
nessus 1
redos 1
prion
prion
Code injection
2024-01-24 18:15:00
github
github
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
2024-01-24 18:31:02
cvelist
cvelist
CVE-2024-23903
2024-01-24 17:52:26
osv
osv
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
2024-01-24 18:31:02
nvd
nvd
CVE-2024-23903
2024-01-24 18:15:09
cve
cve
CVE-2024-23903
2024-01-24 18:15:09
alpinelinux
alpinelinux
CVE-2024-23903
2024-01-24 18:15:09
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2024-01-24)
2024-01-24 00:00:00
redos
redos
ROS-20240411-08
2024-04-11 00:00:00

AI Score

6.4

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON
Related for VULNRICHMENT:CVE-2024-23903
prion1github1cvelist1osv1nvd1cve1alpinelinux1nessus1redos1