Description
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
Solution(s)
jenkins-lts-upgrade-2_319_2 jenkins-upgrade-2_330
Referenceshttps://attackerkb.com/topics/cve-2022-23106 CVE - 2022-23106 https://jenkins.io/security/advisory/2022-01-12/