Jenkins Google Login Plugin 1.7 and earlier uses a non-constant time comparison function when checking whether the provided and expected token are equal, potentially allowing attackers to use statistical methods to obtain a valid token.
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Google_login | Jenkins | * | 1.7 (including) |
This Pillar covers several possibilities: