5.3

CVE-2023-46658

Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JenkinsMsteams Webhook Trigger Version0.1.0 SwPlatformjenkins
JenkinsMsteams Webhook Trigger Version0.1.1 SwPlatformjenkins
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.57% 0.426
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-697 Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

http://www.openwall.com/lists/oss-security/2023/10/25/2
Mailing List
https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876
Vendor Advisory