CVE-2016-0790

Опубликовано: 07 апр. 2016

Источник: debian

EPSS Низкий

Описание

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
jenkins	removed			package

Примечания

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24

EPSS

Процентиль: 44%

0.00212

Низкий

Связанные уязвимости

CVE-2016-0790

CVSS3: 5.3

ubuntu

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

redhat

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

CVSS3: 5.3

nvd

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

GHSA-jgpr-qrw2-6gp3

CVSS3: 5.3

github

больше 3 лет назад

Exposure of Sensitive Information in Jenkins Core

EPSS

Процентиль: 44%

0.00212

Низкий