[MAVEN:GHSA-8859-V9JP-CPHF] Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Severity: Low
Affected Packages: 1
CVEs: 1
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.
This could potentially allow attackers to use statistical methods to obtain a valid webhook token.
As of publication of this advisory, there is no fix.
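To illustrate the flaw class this advisory names, the following added example (not the plugin's own source) contrasts an early-exit token comparison with a constant-time one built on `java.security.MessageDigest.isEqual`; the class name, method names and token value are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

/**
 * Added example, not the plugin's code: an early-exit token check beside a
 * constant-time one. The token value below is constructed for illustration.
 */
public class WebhookTokenCheck {

    // Early-exit comparison: returns at the first differing byte, so the time
    // taken grows with the length of the matching prefix. This is the property
    // that makes statistical timing measurements informative, as the advisory
    // describes. Illustrative only; not taken from the plugin's source.
    static boolean equalsEarlyExit(String expected, String provided) {
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = provided.getBytes(StandardCharsets.UTF_8);
        if (a.length != b.length) {
            return false;
        }
        for (int i = 0; i < a.length; i++) {
            if (a[i] != b[i]) {
                return false; // timing now depends on the mismatch position
            }
        }
        return true;
    }

    // Constant-time comparison: MessageDigest.isEqual examines every byte no
    // matter where the first mismatch is, so the match length does not shape
    // the response time. It still returns immediately on a length mismatch,
    // which reveals only the token length, not its contents.
    static boolean equalsConstantTime(String expected, String provided) {
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = provided.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        String expected = "constructed-example-token-0123456789"; // constructed
        String match = "constructed-example-token-0123456789";
        String nearMiss = "constructed-example-token-012345678X";
        System.out.println("early-exit, match:     " + equalsEarlyExit(expected, match));
        System.out.println("constant-time, match:  " + equalsConstantTime(expected, match));
        System.out.println("constant-time, miss:   " + equalsConstantTime(expected, nearMiss));
    }
}
```

Both methods return the same boolean for the same inputs; the difference a defender cares about is only in how long each takes to reach that result.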
Package | Affected Version
---|---
pkg:maven/igalg.jenkins.plugins/multibranch-scan-webhook-trigger | <= 1.0.9
- ID: MAVEN:GHSA-8859-V9JP-CPHF
- Severity: low
- URL: https://github.com/advisories/GHSA-8859-v9jp-cphf
- Published: 2023-10-25T18:32:25
- Modified: 2023-11-11T05:04:54
- Rights: Maven Security Team

Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
---|---|---|---|---|---|---|---
Affected | pkg:maven/igalg.jenkins.plugins/multibranch-scan-webhook-trigger | igalg.jenkins.plugins | multibranch-scan-webhook-trigger | <= 1.0.9 | | |