CVE-2023-40343

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Aug 18, 2023
CWE ID 203

Summary

CVE-2023-40343 is a vulnerability affecting the Jenkins Tuleap Authentication Plugin version 1.1.20 and earlier. This issue arises due to the plugin's use of a non-constant time comparison function during the validation of authentication tokens. Attackers can exploit this vulnerability by employing statistical methods to obtain valid authentication tokens, potentially gaining unauthorized access to Jenkins instances using the affected plugin. Organizations utilizing this plugin are strongly advised to upgrade to a patched version to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share