Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9: Timing Attack
CVE-2023-46656 Published on October 25, 2023

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Vendor Advisory NVD

Products Associated with CVE-2023-46656

Want to know whenever a new CVE is published for Jenkins Multibranch Scan Webhook Trigger? stack.watch will email you.

Jenkins Multibranch Scan Webhook Trigger

Affected Versions

Jenkins Project Jenkins Multibranch Scan Webhook Trigger Plugin:

Before and including 1.0.9 is affected.

Exploit Probability

EPSS

0.11%

Percentile

29.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9: Timing AttackCVE-2023-46656 Published on October 25, 2023

Products Associated with CVE-2023-46656

Affected Versions

Exploit Probability

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9: Timing Attack
CVE-2023-46656 Published on October 25, 2023