CVE-2023-40343

Summary

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Tuleap Authentication Plugin0 <= 1.1.20affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References