Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant-time comparison function when validating an authentication token, allowing malicious users to use statistical methods to obtain a valid authentication token.
Vulnerable Product |
---|
jenkins configuration as code |
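
The class of flaw described above, shown as an added example that is not the plugin's own code: an early-exit string comparison next to a constant-time one. The class name, method names and sample token are hypothetical and constructed for illustration; rejecting an empty expected token is a design choice made here, not something the advisory states.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added illustration; names are hypothetical and not taken from the plugin.
public final class TokenCheck {

    // Non-constant time: String.equals stops as soon as it finds a difference,
    // so response time depends on how much of the presented token is correct.
    static boolean insecureMatches(String expected, String presented) {
        return expected != null && expected.equals(presented);
    }

    // Constant time: hash both values to a fixed length, then compare with
    // MessageDigest.isEqual, which examines every byte even after a mismatch.
    static boolean constantTimeMatches(String expected, String presented) {
        if (expected == null || expected.isEmpty() || presented == null) {
            return false; // an unset token must never authenticate a request
        }
        return MessageDigest.isEqual(sha256(expected), sha256(presented));
    }

    // Hashing first also hides the length of the expected token from the caller.
    private static byte[] sha256(String value) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory on every JVM", e);
        }
    }

    public static void main(String[] args) {
        String expected = "constructed-sample-token-0123456789"; // constructed value
        String[] samples = {expected, "constructed-sample-token-012345678X", "x", ""};
        for (String s : samples) {
            boolean early = insecureMatches(expected, s);
            boolean constant = constantTimeMatches(expected, s);
            // Both functions must agree on the answer; only their timing differs.
            if (early != constant) {
                throw new AssertionError("results differ for: " + s);
            }
            System.out.println("\"" + s + "\" -> " + constant);
        }
    }
}
```

When reviewing other token or secret checks, the pattern to look for is `equals`, `Arrays.equals` or a hand-written loop with an early `return` applied to a secret value.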