CVE-2022-23106

Publication date

2022-01-12 00:00:00

Family

jenkins

State

PUBLISHED

Description

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.