Описание
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
Ссылки
- Mailing ListThird Party Advisory
- Vendor Advisory
- Mailing ListThird Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.55 (включая)
cpe:2.3:a:jenkins:configuration_as_code:*:*:*:*:*:jenkins:*:*
EPSS
Процентиль: 25%
0.00086
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
CVSS3: 5.3
redhat
около 4 лет назад
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
CVSS3: 3.7
github
около 4 лет назад
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
EPSS
Процентиль: 25%
0.00086
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203