CVE-2016-0790

Опубликовано: 24 фев. 2016

Источник: redhat

CVSS2: 5.1

EPSS Низкий

Описание

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1311948jenkins: Non-constant time comparison of API token (SECURITY-241)

EPSS

Процентиль: 44%

0.00212

Низкий

5.1 Medium

CVSS2

Связанные уязвимости

CVE-2016-0790

CVSS3: 5.3

ubuntu

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

CVSS3: 5.3

nvd

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

CVE-2016-0790

CVSS3: 5.3

debian

почти 10 лет назад

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...

GHSA-jgpr-qrw2-6gp3

CVSS3: 5.3

github

больше 3 лет назад

Exposure of Sensitive Information in Jenkins Core

EPSS

Процентиль: 44%

0.00212

Низкий

5.1 Medium

CVSS2