Jenkins: >> Azure Ad >> 158.v437429002c6b Security Vulnerabilities
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-09-06
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-01-26