CVE-2022-23106 - Information Exposure Through Discrepancy vulnerability in Jenkins Configuration as Code

CVSS 5.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: LOW
Integrity impact: NONE
Availability impact: NONE
network
low complexity
jenkins
CWE-203

Summary

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token.
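
The weakness class described in the summary, shown as an added example that is not the plugin's code: a short-circuiting token comparison beside a constant-time one. The class name `TokenCheck`, its method names and the sample token values are hypothetical and constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical class for illustration; not taken from the plugin.
public class TokenCheck {

    // Weak form: String.equals may return as soon as a difference is
    // found, so the time taken depends on the supplied value.
    static boolean weakEquals(String expected, String supplied) {
        return supplied != null && expected.equals(supplied);
    }

    // Hardened form: hash both values to a fixed length, then compare
    // with MessageDigest.isEqual, which does not short-circuit.
    static boolean constantTimeEquals(String expected, String supplied)
            throws NoSuchAlgorithmException {
        if (supplied == null) {
            return false;
        }
        byte[] a = sha256(expected);
        byte[] b = sha256(supplied);
        return MessageDigest.isEqual(a, b);
    }

    private static byte[] sha256(String s) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256")
                .digest(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String expected = "constructed-sample-token-0001"; // constructed value
        String[] inputs = {
            "constructed-sample-token-0001", // exact match
            "constructed-sample-token-0002", // differs in last character
            "x",                             // differs in length
            ""                               // empty
        };
        for (String in : inputs) {
            boolean weak = weakEquals(expected, in);
            boolean safe = constantTimeEquals(expected, in);
            // Both forms must agree on the result; only their timing differs.
            if (weak != safe) throw new AssertionError("mismatch for: " + in);
            System.out.println("'" + in + "' -> " + safe);
        }
    }
}
```

Hashing both sides first means the bytes handed to `MessageDigest.isEqual` always have the same length, so the comparison does not depend on the length of the supplied value.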

Vulnerable Configurations

Part         Description  Count
Application  Jenkins      71

Common Weakness Enumeration (CWE)