Timing Leak in Jenkins MSTeams Webhook Trigger Plugin <0.1.1: Token Compromise
CVE-2023-46658 Published on October 25, 2023

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Vendor Advisory NVD

Products Associated with CVE-2023-46658

Want to know whenever a new CVE is published for Jenkins Msteams Webhook Trigger? stack.watch will email you.

Jenkins Msteams Webhook Trigger

Affected Versions

Jenkins Project Jenkins MSTeams Webhook Trigger Plugin:

Before and including 0.1.1 is affected.

Exploit Probability

EPSS

0.08%

Percentile

23.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Timing Leak in Jenkins MSTeams Webhook Trigger Plugin <0.1.1: Token CompromiseCVE-2023-46658 Published on October 25, 2023

Products Associated with CVE-2023-46658

Affected Versions

Exploit Probability

Timing Leak in Jenkins MSTeams Webhook Trigger Plugin <0.1.1: Token Compromise
CVE-2023-46658 Published on October 25, 2023