Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
Jenkins GitHub Plugin versiones v1.34.4 y anteriores, usa una función de comparación de tiempo no constante cuando comprueba si las firmas de webhooks proporcionadas y calculadas son iguales, permitiendo a atacantes usar métodos estadísticos para obtener una firma de webhook válida
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.56. Issues addressed include bypass, code execution, cross site request forgery, cross site scripting, denial of service, deserialization, and improper authorization vulnerabilities.
