CVE-2023-46658

Name of the Vulnerable Software and Affected Versions Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier

Description The issue is related to information disclosure. It may allow a remote attacker to gain unauthorized access to protected information. The problem lies in the non-constant time comparison function used when checking the provided and expected webhook token for equality. This potentially allows attackers to use statistical methods to obtain a valid webhook token.

Recommendations For Jenkins MSTeams Webhook Trigger Plugin versions 0.1.1 and earlier, as a temporary workaround, consider disabling the webhook token comparison function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.