cbcvebase.
CVE-2022-43411
published 2022-10-19

CVE-2022-43411: Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal…

PriorityP425medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.66%
46.7th percentile
Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Affected

35 ranges· showing 25
VendorProductVersion rangeFixed in
gitlabgitlab
jenkinsbmc_ami_devx_code_debug_code_coverage_plugin
jenkinsbmc_ami_devx_total_test_plugin
jenkinsbmc_ami_strobe_measurement_task_plugin
jenkinscode_pipeline_plugin
jenkinscompuware_topaz_utilities_plugin
jenkinscontrast_continuous_application_security_plugin
jenkinscredentials_plugin
jenkinscustom_checkbox_parameter_plugin
jenkinscve-2022-43401_in_script_security_plugin
jenkinsdeclarative_plugin
jenkinsdeprecated_groovy_libraries_plugin
jenkinsfireline_plugin
jenkinsgeneric_webhook_trigger_plugin
jenkinsgitlab< 1.5.361.5.36
jenkinsgitlab_plugin
jenkinsgroovy_libraries_plugin
jenkinsgroovy_plugin
jenkinsinput_step_plugin
jenkinsjob_import_plugin
jenkinsjob_plugin
jenkinskatalon_plugin
jenkinsmercurial_plugin
jenkinsnunit_plugin
jenkinsrepo_plugin
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.