Timing Attack in Jenkins GitHub Plugin <=1.34.4
CVE-2022-36885 Published on July 27, 2022

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.

NVD

Products Associated with CVE-2022-36885

Want to know whenever a new CVE is published for Jenkins Github? stack.watch will email you.

Jenkins Github

Affected Versions

Jenkins project Jenkins GitHub Plugin:

Version unspecified, <= 1.34.4 is affected.
Version 1.34.3.1 is unaffected.
Version 1.34.1.1 is unaffected.

Exploit Probability

EPSS

0.34%

Percentile

56.14%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Timing Attack in Jenkins GitHub Plugin <=1.34.4CVE-2022-36885 Published on July 27, 2022

Products Associated with CVE-2022-36885

Affected Versions

Exploit Probability

Timing Attack in Jenkins GitHub Plugin <=1.34.4
CVE-2022-36885 Published on July 27, 2022