CVE-2023-40343

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Aug 16, 2023

Updated: Aug 18, 2023

CWE ID 203

Summary

CVE-2023-40343 is a vulnerability affecting the Jenkins Tuleap Authentication Plugin version 1.1.20 and earlier. This issue arises due to the plugin's use of a non-constant time comparison function during the validation of authentication tokens. Attackers can exploit this vulnerability by employing statistical methods to obtain valid authentication tokens, potentially gaining unauthorized access to Jenkins instances using the affected plugin. Organizations utilizing this plugin are strongly advised to upgrade to a patched version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sV8zXo
https://www.cve.org/CVERecord?id=CVE-2023-40343
https://nvd.nist.gov/vuln/detail/CVE-2023-40343

Back to Vulnerability Database

CVE-2023-40343

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations