Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-46656

UNKNOWN
Published 2023-10-25T13:45:56.888Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-46656. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins Project

Jenkins Multibranch Scan Webhook Trigger Plugin

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison

GHSA-8859-v9jp-cphf

Advisory Details

Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is no fix.

Affected Packages

Maven igalg.jenkins.plugins:multibranch-scan-webhook-trigger
ECOSYSTEM: ≥0 ≤1.0.9

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-46656
PACKAGE https://github.com/jenkinsci/multibranch-scan-webhook-trigger-plugin
WEB https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875
WEB http://www.openwall.com/lists/oss-security/2023/10/25/2

Advisory provided by GitHub Security Advisory Database. Published: October 25, 2023, Modified: November 2, 2023

References

https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875
http://www.openwall.com/lists/oss-security/2023/10/25/2
Published: 2023-10-25T13:45:56.888Z
Last Modified: 2025-02-13T17:14:29.123Z
Copied to clipboard!