Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:jenkins:google_login:*:*:*:*:*:jenkins:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.7"
}
]
}