VYPR
Low severityNVD Advisory· Published Jan 12, 2022· Updated Aug 3, 2024

CVE-2022-23106

CVE-2022-23106

Description

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
io.jenkins:configuration-as-codeMaven
>= 1.55, < 1.55.11.55.1
io.jenkins:configuration-as-codeMaven
>= 1.54, < 1.54.11.54.1
io.jenkins:configuration-as-codeMaven
>= 1.48, < 1.53.11.53.1
io.jenkins:configuration-as-codeMaven
< 1.47.11.47.1

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

1