Maven package
org.jenkins-ci.plugins/zanata
pkg:maven/org.jenkins-ci.plugins/zanata
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46660 | — | <= 0.6 | — | Oct 25, 2023 | Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. |
- CVE-2023-46660Oct 25, 2023affected <= 0.6
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.