GHSA-f67f-2j6r-m4c9: Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin

Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.


Low severity • GitHub Reviewed • Published Jan 24, 2024 to the GitHub Advisory Database • Updated Jan 24, 2024
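
The comparison flaw described in the advisory, shown beside a constant-time alternative. This is an added example, not the plugin's code or its actual fix; the class name, method names and token values are hypothetical, and hashing both values before `MessageDigest.isEqual` is one common approach assumed here.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical class: illustrates the flaw class, not the plugin's source.
public class WebhookTokenCheck {

    // Non-constant time: String.equals may return as soon as it finds a
    // difference, so the time taken depends on how much of the token matches.
    static boolean leakyEquals(String provided, String expected) {
        return provided != null && provided.equals(expected);
    }

    // Constant time: hash both values to fixed-length digests, then compare
    // with MessageDigest.isEqual, which does not stop at the first mismatch.
    static boolean constantTimeEquals(String provided, String expected) {
        if (provided == null || expected == null) {
            return false; // missing header or unconfigured secret: reject
        }
        return MessageDigest.isEqual(sha256(provided), sha256(expected));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256")
                    .digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is required in every JRE
        }
    }

    public static void main(String[] args) {
        String expected = "constructed-sample-token-0001"; // constructed value
        String[] provided = {
            "constructed-sample-token-0001", // exact match
            "constructed-sample-token-0002", // differs in the last character
            "short",                         // different length
            null                             // header absent
        };
        for (String p : provided) {
            System.out.printf("%-32s leaky=%-5b constantTime=%b%n",
                    p, leakyEquals(p, expected), constantTimeEquals(p, expected));
        }
    }
}
```

Both methods return the same boolean for every input; the difference is only in how long the comparison takes, which is why the flaw does not show up in functional tests.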
