CVE-2024-23903

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 24, 2024

Updated: Jan 31, 2024

CWE ID 697

Summary

CVE-2024-23903 is a vulnerability affecting the Jenkins GitLab Branch Source Plugin version 684 and earlier. The issue lies in the plugin's implementation of a token comparison function, which is not constant time. This weakness allows attackers to use statistical methods to obtain valid webhook tokens by analyzing the differences in response times. The vulnerability poses a risk of unauthorized access to Jenkins environments through webhook tokens. Users are advised to update the plugin to the latest version to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uQMvi9
https://www.cve.org/CVERecord?id=CVE-2024-23903
https://nvd.nist.gov/vuln/detail/CVE-2024-23903

Back to Vulnerability Database

CVE-2024-23903

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations