Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-8859-v9jp-cphf: Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

ghsa
Open in Source
#vulnerability#web#git#java#maven

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2023-46656

Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison

Low severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 30, 2023

Package

maven igalg.jenkins.plugins:multibranch-scan-webhook-trigger (Maven)

Affected versions

<= 1.0.9

Description

Published to the GitHub Advisory Database

Oct 25, 2023

Last updated

Oct 30, 2023

Related news

CVE-2023-46650: security - Multiple vulnerabilities in Jenkins plugins

Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

ghsa: Latest News

GHSA-9h9q-qhxg-89xr: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
ghsa