Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: jenkins
Published: 2023-09-06T12:08:56.365Z
Updated: 2024-08-02T19:09:49.355Z
Reserved: 2023-09-05T16:39:57.392Z
Link: CVE-2023-41936
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-06T13:15:10.367
Modified: 2023-09-11T17:53:27.380
Link: CVE-2023-41936
Redhat
No data.