Security Advisory

CVE-2016-0790

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-04-07 23:00:00

Last updated 2024-08-05 22:30:05

Assigner redhat

State PUBLISHED

Description

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.

← Browse all CVEs View on cve.org ↗