CVE-2016-0790
MEDIUMJenkins <1.650-1.642.2 - Info Disclosure
Title source: llmDescription
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach.
Scores
CVSS v3
5.3
EPSS
0.0021
EPSS Percentile
43.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Classification
CWE
CWE-254
CWE-200
Status
draft
Affected Products (4)
jenkins/jenkins
< 1.642.1
redhat/openshift
jenkins/jenkins
< 1.649
org.jenkins-ci.main/jenkins-core
< 1.650Maven
Timeline
Published
Apr 07, 2016
Tracked Since
Feb 18, 2026