Jenkins 2.218 and previous versions, LTS 2.204.1 and previous versions did not use a constant-time comparison function for validating connection secrets, which could potentially allow an malicious user to use a timing attack to obtain this secret.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jenkins jenkins |