CVE-2023-41935 - Vulnerability Details - OpenCVE

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00072.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Jenkins	Azure Ad

Configuration 1 [-]

OR	cpe:2.3:a:jenkins:azure_ad::::::jenkins::*
	cpe:2.3:a:jenkins:azure_ad::::::jenkins::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2522	Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
Github GHSA	GHSA-hj7p-h74j-6gxj	Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/09/06/9
https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227

History

Thu, 26 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: jenkins

Published: 2023-09-06T12:08:55.693Z

Updated: 2024-09-26T19:55:15.254Z

Reserved: 2023-09-05T16:39:57.392Z

Link: CVE-2023-41935

Vulnrichment

Updated: 2024-08-02T19:09:49.440Z

NVD

Status : Modified

Published: 2023-09-06T13:15:10.297

Modified: 2024-11-21T08:21:57.173

Link: CVE-2023-41935

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41935", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2023-09-05T16:39:57.392Z", "datePublished": "2023-09-06T12:08:55.693Z", "dateUpdated": "2024-09-26T19:55:15.254Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Jenkins Azure AD Plugin", "vendor": "Jenkins Project", "versions": [{"lessThan": "*", "status": "unaffected", "version": "397.v907382dd9b_98", "versionType": "maven"}, {"lessThan": "378.*", "status": "unaffected", "version": "378.380.v545b_1154b_3fb_", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T12:51:44.823Z"}, "references": [{"name": "Jenkins Security Advisory 2023-09-06", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.440Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2023-09-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T19:55:05.096531Z", "id": "CVE-2023-41935", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:55:15.254Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41935", "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "state": "PUBLISHED", "assignerShortName": "jenkins", "dateReserved": "2023-09-05T16:39:57.392Z", "datePublished": "2023-09-06T12:08:55.693Z", "dateUpdated": "2024-09-26T19:55:15.254Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Jenkins Azure AD Plugin", "vendor": "Jenkins Project", "versions": [{"lessThan": "*", "status": "unaffected", "version": "397.v907382dd9b_98", "versionType": "maven"}, {"lessThan": "378.*", "status": "unaffected", "version": "378.380.v545b_1154b_3fb_", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce."}], "providerMetadata": {"orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b", "shortName": "jenkins", "dateUpdated": "2023-10-24T12:51:44.823Z"}, "references": [{"name": "Jenkins Security Advisory 2023-09-06", "tags": ["vendor-advisory"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:09:49.440Z"}, "title": "CVE Program Container", "references": [{"name": "Jenkins Security Advisory 2023-09-06", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227"}, {"url": "http://www.openwall.com/lists/oss-security/2023/09/06/9", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41935", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T19:55:05.096531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:55:11.651Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jenkins:azure_ad:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "1DB49479-D1D1-4DED-918B-E73292121907", "versionEndIncluding": "348.vefd011eea_20b", "vulnerable": true}, {"criteria": "cpe:2.3:a:jenkins:azure_ad:*:*:*:*:*:jenkins:*:*", "matchCriteriaId": "77E0A6BF-D2E6-4FE7-9BD5-E702FDBCB161", "versionEndIncluding": "396.v86ce29279947", "versionStartIncluding": "378.vd6e2874a_69eb", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce."}, {"lang": "es", "value": "El complemento Jenkins Azure AD 396.v86ce29279947 y versiones anteriores, excepto 378.380.v545b_1154b_3fb_, usa una funci\u00f3n de comparaci\u00f3n de tiempo no constante al comprobar si el nonce de protecci\u00f3n CSRF proporcionado y esperado es igual, lo que podr\u00eda permitir a los atacantes usar m\u00e9todos estad\u00edsticos para obtener un nonce v\u00e1lido."}], "id": "CVE-2023-41935", "lastModified": "2024-11-21T08:21:57.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-06T13:15:10.297", "references": [{"source": "jenkinsci-cert@googlegroups.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"}, {"source": "jenkinsci-cert@googlegroups.com", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/09/06/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.jenkins.io/security/advisory/2023-09-06/#SECURITY-3227"}], "sourceIdentifier": "jenkinsci-cert@googlegroups.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-697"}], "source": "nvd@nist.gov", "type": "Primary"}]}