Jenkins Generic Webhook Trigger vulnerabilities
3 known vulnerabilities affecting jenkins/generic_webhook_trigger.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 2
Vulnerabilities
CVE-2022-43412 | MEDIUM | CVSS 5.3 | CWE-203 | fixed in 1.84.2 | 2022-10-19
Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
nvd
CVE-2022-25185 | MEDIUM | CVSS 5.4 | CWE-79 | ≤ 1.81 | 2022-02-15
Jenkins Generic Webhook Trigger Plugin 1.81 and earlier does not escape the build cause when using the webhook, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
nvd
CVE-2021-21669 | CRITICAL | CVSS 9.8 | ≤ 1.72 | 2021-06-18
Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
nvd