Back to search
CVE-2022-43411
Published: Oct 19, 2022
Modified: May 8, 2025
PUBLISHED
Description
Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
| Vendor | Product | Versions |
|---|---|---|
Jenkins project | Jenkins GitLab Plugin | affected unspecified - <= 1.5.35 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now