Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-10-25T13:45:56.888Z
Updated: 2024-09-12T20:51:12.087Z
Reserved: 2023-10-24T16:05:00.960Z
Link: CVE-2023-46656
Vulnrichment
Updated: 2024-08-02T20:53:21.182Z
NVD
Status : Modified
Published: 2023-10-25T18:17:40.223
Modified: 2024-11-21T08:28:59.563
Link: CVE-2023-46656
Redhat
No data.