Vulnerabilities > CVE-2022-43412 - Information Exposure Through Discrepancy vulnerability in Jenkins Generic Webhook Trigger

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

jenkins

CWE-203

NVD

Published: 2022-10-19

Updated: 2023-11-01

Summary

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Vulnerable Configurations

Part	Description	Count
Application	Jenkins Jenkins Generic Webhook Trigger - Jenkins Generic Webhook Trigger 1.0 Jenkins Generic Webhook Trigger 1.1 Jenkins Generic Webhook Trigger 1.2 Jenkins Generic Webhook Trigger 1.3 Jenkins Generic Webhook Trigger 1.4 Jenkins Generic Webhook Trigger 1.5 Jenkins Generic Webhook Trigger 1.6 Jenkins Generic Webhook Trigger 1.7 Jenkins Generic Webhook Trigger 1.8 Jenkins Generic Webhook Trigger 1.9 Jenkins Generic Webhook Trigger 1.10 Jenkins Generic Webhook Trigger 1.11 Jenkins Generic Webhook Trigger 1.12 Jenkins Generic Webhook Trigger 1.13 Jenkins Generic Webhook Trigger 1.14 Jenkins Generic Webhook Trigger 1.15 Jenkins Generic Webhook Trigger 1.16 Jenkins Generic Webhook Trigger 1.17 Jenkins Generic Webhook Trigger 1.18 Jenkins Generic Webhook Trigger 1.19 Jenkins Generic Webhook Trigger 1.20 Jenkins Generic Webhook Trigger 1.21 Jenkins Generic Webhook Trigger 1.22 Jenkins Generic Webhook Trigger 1.23 Jenkins Generic Webhook Trigger 1.24 Jenkins Generic Webhook Trigger 1.25 Jenkins Generic Webhook Trigger 1.26 Jenkins Generic Webhook Trigger 1.27 Jenkins Generic Webhook Trigger 1.28 Jenkins Generic Webhook Trigger 1.29 Jenkins Generic Webhook Trigger 1.30 Jenkins Generic Webhook Trigger 1.31 Jenkins Generic Webhook Trigger 1.32 Jenkins Generic Webhook Trigger 1.33 Jenkins Generic Webhook Trigger 1.34 Jenkins Generic Webhook Trigger 1.35 Jenkins Generic Webhook Trigger 1.36 Jenkins Generic Webhook Trigger 1.37 Jenkins Generic Webhook Trigger 1.38 Jenkins Generic Webhook Trigger 1.39 Jenkins Generic Webhook Trigger 1.40 Jenkins Generic Webhook Trigger 1.41 Jenkins Generic Webhook Trigger 1.42 Jenkins Generic Webhook Trigger 1.43 Jenkins Generic Webhook Trigger 1.44 Jenkins Generic Webhook Trigger 1.45 Jenkins Generic Webhook Trigger 1.46 Jenkins Generic Webhook Trigger 1.47 Jenkins Generic Webhook Trigger 1.48 Jenkins Generic Webhook Trigger 1.49 Jenkins Generic Webhook Trigger 1.50 Jenkins Generic Webhook Trigger 1.51 Jenkins Generic Webhook Trigger 1.52 Jenkins Generic Webhook Trigger 1.53 Jenkins Generic Webhook Trigger 1.54 Jenkins Generic Webhook Trigger 1.55 Jenkins Generic Webhook Trigger 1.56 Jenkins Generic Webhook Trigger 1.57 Jenkins Generic Webhook Trigger 1.58 Jenkins Generic Webhook Trigger 1.59 Jenkins Generic Webhook Trigger 1.60 Jenkins Generic Webhook Trigger 1.61 Jenkins Generic Webhook Trigger 1.62 Jenkins Generic Webhook Trigger 1.63 Jenkins Generic Webhook Trigger 1.64 Jenkins Generic Webhook Trigger 1.65 Jenkins Generic Webhook Trigger 1.66 Jenkins Generic Webhook Trigger 1.67 Jenkins Generic Webhook Trigger 1.68 Jenkins Generic Webhook Trigger 1.69 Jenkins Generic Webhook Trigger 1.70 Jenkins Generic Webhook Trigger 1.71 Jenkins Generic Webhook Trigger 1.72 Jenkins Generic Webhook Trigger 1.73 Jenkins Generic Webhook Trigger 1.74 Jenkins Generic Webhook Trigger 1.75 Jenkins Generic Webhook Trigger 1.76 Jenkins Generic Webhook Trigger 1.77 Jenkins Generic Webhook Trigger 1.78 Jenkins Generic Webhook Trigger 1.79 Jenkins Generic Webhook Trigger 1.80 Jenkins Generic Webhook Trigger 1.81 Jenkins Generic Webhook Trigger 1.82 Jenkins Generic Webhook Trigger 1.84.1	85

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References