Jenkins: >> Configuration As Code >> 1.26 Security Vulnerabilities
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-01-12
Due to an incomplete fix of CVE-2019-10343, Jenkins Configuration as Code Plugin 1.26 and earlier did not properly apply masking to some values expected to be hidden when logging the configuration being applied.
CVSS Score
5.5
EPSS Score
0.0
Published
2019-08-07