{"id":"CVE-2023-46658","details":"Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.","aliases":["GHSA-2xpq-5952-38w3"],"modified":"2026-03-14T12:15:32.430113Z","published":"2023-10-25T18:17:40.307Z","references":[{"type":"ADVISORY","url":"https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2023/10/25/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jenkinsci/teams-webhook-trigger-plugin","events":[{"introduced":"0"},{"last_affected":"f452f13f118a5a1650cc0fae824695f90751f5bf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.1.1"}]}}],"versions":["teams-webhook-trigger-0.0.1","teams-webhook-trigger-0.1.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"0.1.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46658.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}