Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-09-06T12:08:55.693Z
Updated: 2024-08-02T19:09:49.440Z
Reserved: 2023-09-05T16:39:57.392Z
Link: CVE-2023-41935
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-06T13:15:10.297
Modified: 2023-09-11T17:54:37.170
Link: CVE-2023-41935
Redhat
No data.