CVE-2023-46656

Name of the Vulnerable Software and Affected Versions Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier

Description The issue is related to information disclosure. It potentially allows a remote attacker to gain unauthorized access to protected information. The problem lies in the non-constant time comparison function used when checking the provided and expected webhook token for equality. This could allow attackers to use statistical methods to obtain a valid webhook token.

Recommendations For Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier, as a temporary workaround, consider disabling the webhook token comparison function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.