Description
Jenkins 2.218 and earlier, and LTS 2.204.1 and earlier, did not use a constant-time comparison function when validating connection secrets, which could potentially allow an attacker to obtain this secret through a timing attack.
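The difference between an early-exit comparison and a fixed-work one, shown as an added Java example (not Jenkins' code and not part of the original advisory). The class name, helper names and sample secret are constructed for illustration, and a step counter stands in for elapsed time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SecretCompare {
    // Number of byte comparisons made by the last call; a stand-in for elapsed time.
    static int steps;

    // Weak pattern: returns at the first mismatching byte, so the work done
    // grows with the length of the prefix that matches the secret.
    static boolean earlyExitEquals(byte[] expected, byte[] provided) {
        steps = 0;
        if (expected.length != provided.length) return false;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            if (expected[i] != provided[i]) return false;
        }
        return true;
    }

    // Fixed-work pattern: visits every byte of the expected value and ORs the
    // differences together, so the work does not depend on where a mismatch is.
    static boolean fixedWorkEquals(byte[] expected, byte[] provided) {
        steps = 0;
        int diff = expected.length ^ provided.length;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            diff |= expected[i] ^ (i < provided.length ? provided[i] : 0);
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real Jenkins secrets.
        byte[] secret = "3f9a1c7e5b2d4680".getBytes(StandardCharsets.UTF_8);
        String[] candidates = { "0000000000000000", "3f9a1c7e00000000", "3f9a1c7e5b2d4680" };
        for (String c : candidates) {
            byte[] in = c.getBytes(StandardCharsets.UTF_8);
            boolean weak = earlyExitEquals(secret, in);
            int weakSteps = steps;
            boolean fixed = fixedWorkEquals(secret, in);
            int fixedSteps = steps;
            // MessageDigest.isEqual is the JDK's own comparison for secret values;
            // prefer it over a hand-written loop in production code.
            boolean jdk = MessageDigest.isEqual(secret, in);
            System.out.printf("%s weak=%b(%d steps) fixed=%b(%d steps) jdk=%b%n",
                    c, weak, weakSteps, fixed, fixedSteps, jdk);
        }
    }
}
```

When reviewing code for this class of issue, look for `equals`, `Arrays.equals` or hand-written early-return loops applied to secrets, tokens or MACs.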
Remediation
References