Lucene search
PRIOn knowledge basePRION:CVE-2023-46657HistoryOct 25, 2023 - 6:17 p.m.
Information disclosure
2023-10-2518:17:00
PRIOn knowledge base
www.prio-n.com
4
jenkins
gogs plugin
non-constant time comparison
webhook token
statistical methods
information disclosure
security vulnerability
0.0005 Low
EPSS
Percentile
17.0%
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Related
osv
osv
CVE-2023-46657
2023-10-25 18:17:40
Jenkins Gogs Plugin uses non-constant time webhook token comparison
2023-10-25 18:32:25
nvd
nvd
CVE-2023-46657
2023-10-25 18:17:40
cve
cve
CVE-2023-46657
2023-10-25 18:17:40
cvelist
cvelist
CVE-2023-46657
2023-10-25 13:45:57
github
github
Jenkins Gogs Plugin uses non-constant time webhook token comparison
2023-10-25 18:32:25
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-10-25)
2023-10-25 00:00:00