Vulnerabilities > Jenkins > Configuration AS Code > 1.25
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-12 | CVE-2022-23106 | Information Exposure Through Discrepancy vulnerability in Jenkins Configuration AS Code Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 5.3 |
2019-08-07 | CVE-2019-10367 | Information Exposure Through Log Files vulnerability in Jenkins Configuration AS Code Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied. | 5.5 |