CVE-2022-23106
maven/io.jenkins/configuration-as-code
Observable Discrepancy
Jenkins Configuration as Code Plugin used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
All versions up to 1.55
Unfortunately, there is no solution available yet.
2022-01-19
source |