Jenkins Observable Differences in Behavior to Error Inputs Vulnerability - CVE-2020-2101 - Vulnerability Database

Jenkins Observable Differences in Behavior to Error Inputs Vulnerability - CVE-2020-2101

Medium

Reference: CVE-2020-2101

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-2101

Title: Jenkins Observable Differences in Behavior to Error Inputs Vulnerability

Overview:

Jenkins 2.218 and earlier LTS 2.204.1 and earlier did not use a constant-time comparison function for validating connection secrets which could potentially allow an attacker to use a timing attack to obtain this secret.