Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-f9f9-4r63-4qcc

GitHub Security Advisory

Non-constant time webhook token comparison in Jenkins GitLab Plugin

✓ GitHub Reviewed LOW Has CVE
View on GitHub

Advisory Details

GitLab Plugin 1.5.35 and earlier does not use a constant-time comparison when checking whether the provided and expected webhook token are equal.

This could potentially allow attackers to use statistical methods to obtain a valid webhook token.

GitLab Plugin 1.5.36 uses a constant-time comparison when validating the webhook token.

Affected Packages

Maven org.jenkins-ci.plugins:gitlab-plugin
Affected versions: 0 (fixed in 1.5.36)

Related CVEs

CVE-2022-43411

Key Information

GHSA ID
GHSA-f9f9-4r63-4qcc
Published
October 19, 2022 7:00 PM
Last Modified
December 16, 2022 5:22 PM
CVSS Score
2.5 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:gitlab-plugin
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.