Описание
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 3.11 | jenkins | Will not fix | ||
| Red Hat OpenShift Container Platform 4.10 | jenkins | Fixed | RHSA-2023:0697 | 15.02.2023 |
| Red Hat OpenShift Container Platform 4.8 | jenkins | Fixed | RHSA-2023:0017 | 12.01.2023 |
| Red Hat OpenShift Container Platform 4.9 | jenkins | Fixed | RHSA-2023:0777 | 23.02.2023 |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable t ...
Observable timing discrepancy allows determining username validity in Jenkins
7.5 High
CVSS3