Description
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier does not use a constant-time comparison when checking whether two authentication tokens are equal.
This could potentially allow attackers to use statistical methods to obtain a valid authentication token.
Tuleap Authentication Plugin 1.1.21 uses a constant-time comparison when validating authentication tokens.
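The difference between the two kinds of comparison described above, as an added Java example that is not the plugin's own code; the class name, method names and token values are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical helper, not taken from the Tuleap Authentication Plugin.
public class TokenCompare {

    // Non-constant-time: String.equals stops at the first differing
    // character, so the time taken depends on how long the matching
    // prefix of the presented token is.
    static boolean earlyExitEquals(String expected, String presented) {
        return expected.equals(presented);
    }

    // Constant-time: both values are hashed to fixed-length digests, so
    // token length is not exposed, and MessageDigest.isEqual examines every
    // byte regardless of where the first mismatch occurs.
    static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            // digest(byte[]) resets the instance, so it can be reused.
            byte[] a = sha256.digest(expected.getBytes(StandardCharsets.UTF_8));
            byte[] b = sha256.digest(presented.getBytes(StandardCharsets.UTF_8));
            return MessageDigest.isEqual(a, b);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is required on every Java platform; fail closed anyway.
            return false;
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens.
        String stored = "sample-token-0123456789abcdef";
        String nearMiss = "sample-token-0123456789abcdeX";
        String wrongLength = "sample";

        System.out.println(constantTimeEquals(stored, stored));      // true
        System.out.println(constantTimeEquals(stored, nearMiss));    // false
        System.out.println(constantTimeEquals(stored, wrongLength)); // false
        System.out.println(constantTimeEquals(stored, null));        // false
    }
}
```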
Packages
Name: io.jenkins.plugins:tuleap-oauth (maven)
Affected versions: < 1.1.21
Fixed version: 1.1.21
Related vulnerabilities
CVSS3: 5.9
nvd
more than 2 years ago
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.