CVE-2022-23106
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23106
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23106.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23106
- Aliases
- Published
- 2022-01-12T20:15:09Z
- Modified
- 2024-09-03T04:11:14.677042Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
- References
Affected packages
Git / github.com/jenkinsci/configuration-as-code-plugin
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jenkinsci/configuration-as-code-plugin
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
configuration-as-code-0.*
configuration-as-code-0.1-alpha
configuration-as-code-0.10-alpha
configuration-as-code-0.11-alpha
configuration-as-code-0.2-alpha
configuration-as-code-0.3-alpha
configuration-as-code-0.4-alpha
configuration-as-code-0.5-alpha
configuration-as-code-0.6-alpha
configuration-as-code-0.7-alpha
configuration-as-code-0.8-alpha
configuration-as-code-0.9-alpha
configuration-as-code-1.*
configuration-as-code-1.0
configuration-as-code-1.0-rc1
configuration-as-code-1.0-rc2
configuration-as-code-1.0-rc3
configuration-as-code-1.1
configuration-as-code-1.10
configuration-as-code-1.11
configuration-as-code-1.12
configuration-as-code-1.13
configuration-as-code-1.14
configuration-as-code-1.15
configuration-as-code-1.16
configuration-as-code-1.17
configuration-as-code-1.18
configuration-as-code-1.19
configuration-as-code-1.2
configuration-as-code-1.20
configuration-as-code-1.21
configuration-as-code-1.22
configuration-as-code-1.23
configuration-as-code-1.24
configuration-as-code-1.25
configuration-as-code-1.26
configuration-as-code-1.27
configuration-as-code-1.28
configuration-as-code-1.29
configuration-as-code-1.3
configuration-as-code-1.30
configuration-as-code-1.31
configuration-as-code-1.32
configuration-as-code-1.33
configuration-as-code-1.34
configuration-as-code-1.35
configuration-as-code-1.36
configuration-as-code-1.37
configuration-as-code-1.38
configuration-as-code-1.39
configuration-as-code-1.4
configuration-as-code-1.40
configuration-as-code-1.41
configuration-as-code-1.42
configuration-as-code-1.43
configuration-as-code-1.44
configuration-as-code-1.45
configuration-as-code-1.46
configuration-as-code-1.47
configuration-as-code-1.48
configuration-as-code-1.49
configuration-as-code-1.5
configuration-as-code-1.50
configuration-as-code-1.51
configuration-as-code-1.52
configuration-as-code-1.53
configuration-as-code-1.54
configuration-as-code-1.55
configuration-as-code-1.6
configuration-as-code-1.7
configuration-as-code-1.8
configuration-as-code-1.9