CVE-2023-41936

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 6, 2023
Updated: Sep 11, 2023
CWE ID 697

Summary

CVE-2023-41936 is a vulnerability in Jenkins Google Login Plugin versions 1.7 and earlier. The plugin uses a non-constant-time comparison function when checking whether a provided token equals the expected token, which could potentially allow attackers to obtain a valid token using statistical methods. The vulnerability affects several products, including Z2nogs, Z2nogt, Z2nogu, Z2nogv, Z2nogw, Z2nogx, Z2nogy, rXDzXJ, rXDzXI, and rXDzXK. Remediation for this vulnerability is not specified in the provided information. The vulnerability has a base severity rating of HIGH and can have a significant impact on the confidentiality of an organization's data.
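The weakness class described in the summary, as an added example that is not the plugin's code: an early-exit comparison does work proportional to the length of the matching prefix, while the JDK's `MessageDigest.isEqual` inspects every byte regardless of where the inputs differ. The class name, method names and token values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class TokenCompareDemo {

    // Mirrors an early-exit equality check, but returns how many bytes were
    // inspected before the decision. That count is what a timing side channel
    // exposes: it grows with the length of the correct prefix.
    static int earlyExitSteps(String expected, String provided) {
        byte[] a = expected.getBytes(StandardCharsets.UTF_8);
        byte[] b = provided.getBytes(StandardCharsets.UTF_8);
        if (a.length != b.length) {
            return 0; // length mismatch is rejected before any byte is read
        }
        int steps = 0;
        for (int i = 0; i < a.length; i++) {
            steps++;
            if (a[i] != b[i]) {
                break; // stops at the first differing byte
            }
        }
        return steps;
    }

    // Hardened form: MessageDigest.isEqual does not short-circuit on the first
    // mismatch, so the work done does not depend on where the inputs differ.
    static boolean constantTimeEquals(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                provided.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        String expected = "tok-7f3a9c1e"; // constructed sample token
        String[] provided = {             // constructed sample inputs
            "xxxxxxxxxxxx", "tok-xxxxxxxx", "tok-7f3axxxx", "tok-7f3a9c1e"
        };
        for (String p : provided) {
            System.out.printf("%-14s earlyExitSteps=%2d constantTimeEquals=%b%n",
                    p, earlyExitSteps(expected, p), constantTimeEquals(expected, p));
        }
    }
}
```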
