Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-46658

UNKNOWN
Published 2023-10-25T13:45:58.198Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-46658. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Jenkins Project

Jenkins MSTeams Webhook Trigger Plugin

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed LOW

Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison

GHSA-2xpq-5952-38w3

Advisory Details

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal. This could potentially allow attackers to use statistical methods to obtain a valid webhook token. As of publication of this advisory, there is no fix.

Affected Packages

Maven io.jenkins.plugins:teams-webhook-trigger
ECOSYSTEM: ≥0 ≤0.1.1

CVSS Scoring

CVSS Score

2.5

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-46658
PACKAGE https://github.com/jenkinsci/teams-webhook-trigger-plugin
WEB https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876
WEB http://www.openwall.com/lists/oss-security/2023/10/25/2

Advisory provided by GitHub Security Advisory Database. Published: October 25, 2023, Modified: November 2, 2023

References

https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876
http://www.openwall.com/lists/oss-security/2023/10/25/2
Published: 2023-10-25T13:45:58.198Z
Last Modified: 2025-02-13T17:14:30.193Z
Copied to clipboard!