{"id":"CVE-2022-23106","details":"Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods (timing analysis) to obtain a valid authentication token.","aliases":["GHSA-fpj7-9xm6-8hgr"],"modified":"2026-03-14T11:31:59.310376Z","published":"2022-01-12T20:15:09.207Z","references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2022/01/12/6"},{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2022-01-12/#SECURITY-2141"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/configuration-as-code-plugin","events":[{"introduced":"0"},{"last_affected":"0f58028cffa17394c3eda2818da6482731189ee5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.55"}]}}],"versions":["configuration-as-code-0.1-alpha","configuration-as-code-0.10-alpha","configuration-as-code-0.11-alpha","configuration-as-code-0.2-alpha","configuration-as-code-0.3-alpha","configuration-as-code-0.4-alpha","configuration-as-code-0.5-alpha","configuration-as-code-0.6-alpha","configuration-as-code-0.7-alpha","configuration-as-code-0.8-alpha","configuration-as-code-0.9-alpha","configuration-as-code-1.0","configuration-as-code-1.0-rc1","configuration-as-code-1.0-rc2","configuration-as-code-1.0-rc3","configuration-as-code-1.1","configuration-as-code-1.10","configuration-as-code-1.11","configuration-as-code-1.12","configuration-as-code-1.13","configuration-as-code-1.14","configuration-as-code-1.15","configuration-as-code-1.16","configuration-as-code-1.17","configuration-as-code-1.18","configuration-as-code-1.19","configuration-as-code-1.2","configuration-as-code-1.20","configuration-as-code-1.21","configuration-as-code-1.22","configuration-as-code-1.23","configuration-as-code-1.24","configuration-as-code-1.25","configuration-as-code-1.26","configuration-as-code-1.27","configuration-as-code-1.28","configuration-as-code-1.29","configu
ration-as-code-1.3","configuration-as-code-1.30","configuration-as-code-1.31","configuration-as-code-1.32","configuration-as-code-1.33","configuration-as-code-1.34","configuration-as-code-1.35","configuration-as-code-1.36","configuration-as-code-1.37","configuration-as-code-1.38","configuration-as-code-1.39","configuration-as-code-1.4","configuration-as-code-1.40","configuration-as-code-1.41","configuration-as-code-1.42","configuration-as-code-1.43","configuration-as-code-1.44","configuration-as-code-1.45","configuration-as-code-1.46","configuration-as-code-1.47","configuration-as-code-1.48","configuration-as-code-1.49","configuration-as-code-1.5","configuration-as-code-1.50","configuration-as-code-1.51","configuration-as-code-1.52","configuration-as-code-1.53","configuration-as-code-1.54","configuration-as-code-1.55","configuration-as-code-1.6","configuration-as-code-1.7","configuration-as-code-1.8","configuration-as-code-1.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23106.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}