GHSA-jgpr-qrw2-6gp3

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

Exposure of Sensitive Information in Jenkins Core

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

Ссылки

Пакеты

Наименование

org.jenkins-ci.main:jenkins-core

maven

Затронутые версииВерсия исправления

< 1.650

1.650

EPSS

Процентиль: 44%

0.00212

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2016-0790

Дефекты

CWE-200

Связанные уязвимости

CVE-2016-0790

CVSS3: 5.3

ubuntu

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

redhat

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

CVSS3: 5.3

nvd

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

CVSS3: 5.3

debian

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...

EPSS

Процентиль: 44%

0.00212

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2016-0790

Дефекты

CWE-200