CVE-2023-41935

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-697
View all →

Vulnerability Description

Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce.

Related Vulnerabilities

CVE-2005-2801

HIGH
CVSS:7.5(High)

xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.

CWE-6972005

CVE-2016-10003

HIGH
CVSS:7.5(High)

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as b...

CWE-6972016

CVE-2020-15130

HIGH
CVSS:7.5(High)

In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or oppor...

CWE-6972020

CVE-2020-15131

HIGH
CVSS:7.5(High)

In SLP Validate (npm package slp-validate) before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wa...

CWE-6972020

CVE-2020-22784

HIGH
CVSS:7.5(High)

In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing acces...

CWE-6972020

CVE-2020-23478

HIGH
CVSS:7.5(High)

Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py.

CWE-6972020