Jenkins prior to 1.650 and LTS prior to 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote malicious users to determine API tokens via a brute-force approach.
Vulnerable Product |
---|
jenkins jenkins |
redhat openshift 3.1 |
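The weakness class in the description above, shown as an added example that is not Jenkins code: an early-exit byte comparison beside a constant-time one using the JDK's `MessageDigest.isEqual`. The class name, method names, the `positionsExamined` counter (a stand-in for elapsed time) and the sample token are all constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class ApiTokenCompare {
    // Byte positions examined by the last leakyEquals call (hypothetical stand-in for timing).
    static int positionsExamined;

    // Weak form: stops at the first mismatching byte, so the work done depends
    // on how long a prefix of the presented token is correct.
    static boolean leakyEquals(byte[] presented, byte[] expected) {
        positionsExamined = 0;
        if (presented.length != expected.length) {
            return false;
        }
        for (int i = 0; i < expected.length; i++) {
            positionsExamined++;
            if (presented[i] != expected[i]) {
                return false;
            }
        }
        return true;
    }

    // Hardened form: for equal-length inputs MessageDigest.isEqual examines every
    // byte regardless of where the first mismatch occurs.
    static boolean constantTimeEquals(byte[] presented, byte[] expected) {
        return MessageDigest.isEqual(presented, expected);
    }

    static byte[] utf8(String s) {
        return s.getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample token, not a real credential.
        byte[] expected = utf8("0123456789abcdef0123456789abcdef");
        String[] presented = {
            "f".repeat(32),                        // no correct prefix
            "0123" + "f".repeat(28),               // 4 correct leading characters
            "0123456789abcdef" + "f".repeat(16),   // 16 correct leading characters
            "0123456789abcdef0123456789abcdef"     // full match
        };
        for (String p : presented) {
            byte[] b = utf8(p);
            boolean leaky = leakyEquals(b, expected);
            System.out.printf("%s leaky=%b examined=%d constantTime=%b%n",
                    p, leaky, positionsExamined, constantTimeEquals(b, expected));
        }
    }
}
```

Both methods return the same accept/reject result for every input; only the early-exit version's work varies with the length of the matching prefix, which is the signal a constant-time check removes.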