Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9: Timing Attack
CVE-2023-46656 Published on October 25, 2023
Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Products Associated with CVE-2023-46656
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-46656 are published in Jenkins Multibranch Scan Webhook Trigger:
Affected Versions
Jenkins Project Jenkins Multibranch Scan Webhook Trigger Plugin:- Before and including 1.0.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.