Low severityNVD Advisory· Published Oct 25, 2023· Updated Feb 13, 2025
CVE-2023-46658
CVE-2023-46658
Description
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.jenkins.plugins:teams-webhook-triggerMaven | <= 0.1.1 | — |
Affected products
2- Range: 0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-2xpq-5952-38w3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-46658ghsaADVISORY
- www.jenkins.io/security/advisory/2023-10-25/ghsavendor-advisoryWEB
- www.openwall.com/lists/oss-security/2023/10/25/2ghsaWEB
News mentions
1- Jenkins Security Advisory 2023-10-25Jenkins Security Advisories · Oct 25, 2023