Vulnerability Details CVE-2023-41936
Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-41936
-
cpe:2.3:a:jenkins:google_login:-
-
cpe:2.3:a:jenkins:google_login:1.0
-
cpe:2.3:a:jenkins:google_login:1.1
-
cpe:2.3:a:jenkins:google_login:1.2
-
cpe:2.3:a:jenkins:google_login:1.2.1
-
cpe:2.3:a:jenkins:google_login:1.3
-
cpe:2.3:a:jenkins:google_login:1.3.1
-
cpe:2.3:a:jenkins:google_login:1.4
-
cpe:2.3:a:jenkins:google_login:1.6
-
cpe:2.3:a:jenkins:google_login:1.7