Description
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form 7 Dynamic Text Extension Cross-Site Scripting (2.0.2.1)
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-3902)
Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207)
MongoDb Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6494)
WordPress Plugin YITH WooCommerce Ajax Search Security Bypass (1.6.9)