Description
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
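The difference between an early-exit comparison and a constant-time one, shown as an added Java example (not Jenkins source code). The class and method names and the sample token are constructed for illustration, and the `steps` counter stands in for elapsed time: with the early-exit form it tracks the length of the matching prefix, with the other forms it does not.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
public class TokenCompareDemo {
    static int steps; // bytes examined by the last call; deterministic stand-in for elapsed time

    // Early-exit comparison: stops at the first mismatch, so work grows with the matching prefix.
    static boolean leakyEquals(byte[] expected, byte[] supplied) {
        steps = 0;
        if (expected.length != supplied.length) return false;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            if (expected[i] != supplied[i]) return false;
        }
        return true;
    }

    // Fixed-work comparison: ORs together the XOR of every byte pair and always walks the full array.
    static boolean fixedWorkEquals(byte[] expected, byte[] supplied) {
        steps = 0;
        if (expected.length != supplied.length) return false;
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            diff |= expected[i] ^ supplied[i];
        }
        return diff == 0;
    }

    // Library form: hash both values to equal-length digests, then compare with MessageDigest.isEqual.
    static boolean verifyToken(String expected, String supplied) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        return MessageDigest.isEqual(sha.digest(expected.getBytes(StandardCharsets.UTF_8)),
                                     sha.digest(supplied.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        String token = "0123456789abcdef0123456789abcdef"; // constructed sample, not a real token
        String[] guesses = {
            "ffffffffffffffffffffffffffffffff",  // no correct leading characters
            "01234567ffffffffffffffffffffffff",  // 8 correct leading characters
            token };
        byte[] t = token.getBytes(StandardCharsets.UTF_8);
        for (String g : guesses) {
            byte[] s = g.getBytes(StandardCharsets.UTF_8);
            boolean leaky = leakyEquals(t, s);     int leakySteps = steps;
            boolean fixed = fixedWorkEquals(t, s); int fixedSteps = steps;
            System.out.printf("%s leaky=%b/%d fixed=%b/%d digest=%b%n",
                              g, leaky, leakySteps, fixed, fixedSteps, verifyToken(token, g));
        }
    }
}
```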
Remediation
References