CVE-2022-23106

Observable Discrepancy in maven/io.jenkins/configuration-as-code

Identifiers

CVE-2022-23106

Package Slug

maven/io.jenkins/configuration-as-code

Vulnerability

Observable Discrepancy

Description

Jenkins Configuration as Code Plugin used a non-constant time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token.
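
The difference between an early-exit comparison and a constant-time one, shown as an added Java example that is not the plugin's own code. The class name, method names and sample token values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Illustrative only: class and method names are hypothetical, not the plugin's.
public class TokenCompareExample {

    // Weak form: String.equals stops at the first differing character, so
    // response time varies with how long the matching prefix is.
    static boolean matchesEarlyExit(String expected, String supplied) {
        return expected != null && expected.equals(supplied);
    }

    // Hardened form: hash both values to a fixed length, then compare with
    // MessageDigest.isEqual, which does not return early on a mismatch.
    static boolean matchesConstantTime(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(sha256(expected), sha256(supplied));
    }

    private static byte[] sha256(String value) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(value.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is required on every Java platform implementation.
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        String expected = "constructed-sample-token-0001"; // constructed value
        String[] supplied = { expected, "constructed-sample-token-0002", "short", null };
        for (String s : supplied) {
            boolean weak = matchesEarlyExit(expected, s);
            boolean hardened = matchesConstantTime(expected, s);
            if (weak != hardened) {
                throw new AssertionError("results differ for: " + s);
            }
            System.out.println(s + " -> " + hardened);
        }
    }
}
```

Both methods return the same accept or reject decision for every input; only the timing behaviour differs, which is why a functional test alone does not reveal this class of defect.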

Affected Versions

All versions up to 1.55

Solution

Upgrade to version 1.55.1 or above.

Last Modified

2022-01-19
