Описание
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-385
https://bugzilla.redhat.com/show_bug.cgi?id=1797084jenkins: Non-constant time comparison of inbound TCP agent connection secret
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
nvd
около 6 лет назад
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
CVSS3: 5.3
debian
около 6 лет назад
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...
CVSS3: 5.3
github
больше 3 лет назад
Non-constant time comparison of inbound TCP agent connection secret
5.3 Medium
CVSS3