CVE-2022-34174 Information

Description

In Jenkins 2.355 and earlier LTS 2.332.3 and earlier an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username and login attempts with a valid username and wrong password when using the Jenkins user database security realm.

Reference

https://www.jenkins.io/security/advisory/2022-06-22/#SECURITY-2566