Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets, which could potentially allow an attacker to use a timing attack to obtain this secret.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-01-29 16:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-2101
Mitre link : CVE-2020-2101
CVE.ORG link : CVE-2020-2101
JSON object : View
Products Affected
jenkins
- jenkins
CWE
CWE-203
Observable Discrepancy