The following flaw was found in Jenkins:

The verification of user-provided API tokens with the expected value did not use a constant-time comparison algorithm, potentially allowing attackers to use statistical methods to determine valid API tokens using brute-force methods.

External References:

https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
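
The class of flaw described above, shown as an added example (not code from Jenkins or from the advisory): an early-exit comparison beside a constant-time one, with a comparison counter standing in for elapsed time so the data-dependent work is visible without timing noise. The class name, method names and token values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class TokenCompareDemo {
    // Byte comparisons made by the last call; a noise-free stand-in for elapsed time.
    static int steps;

    // Early-exit comparison: stops at the first mismatching byte, so the work done
    // grows with the length of the correct prefix in the submitted value.
    static boolean earlyExitEquals(byte[] expected, byte[] provided) {
        steps = 0;
        if (expected.length != provided.length) return false;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            if (expected[i] != provided[i]) return false;
        }
        return true;
    }

    // Constant-time comparison: always visits every byte and folds differences into
    // one accumulator, so the work done does not depend on where a mismatch occurs.
    static boolean constantTimeEquals(byte[] expected, byte[] provided) {
        steps = 0;
        if (expected.length != provided.length) return false; // length is not secret here
        int diff = 0;
        for (int i = 0; i < expected.length; i++) {
            steps++;
            diff |= expected[i] ^ provided[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) {
        // Constructed sample values, not real tokens.
        byte[] expected = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        String[] submitted = {
            "X123456789abcdef0123456789abcdef", // wrong first byte
            "0123456789abcdef0123456789abcdeX", // wrong last byte
            "0123456789abcdef0123456789abcdef"  // correct
        };
        for (String s : submitted) {
            byte[] p = s.getBytes(StandardCharsets.US_ASCII);
            boolean a = earlyExitEquals(expected, p); int sa = steps;
            boolean b = constantTimeEquals(expected, p); int sb = steps;
            // MessageDigest.isEqual is the JDK's built-in comparison for this purpose.
            boolean c = MessageDigest.isEqual(expected, p);
            System.out.printf("early-exit: %-5b steps=%2d | constant-time: %-5b steps=%2d | isEqual: %b%n",
                    a, sa, b, sb, c);
        }
    }
}
```

In application code, prefer `MessageDigest.isEqual` over a hand-written loop; the loop is here only to make the difference in work visible.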
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 3.1

Via RHSA-2016:0711 https://access.redhat.com/errata/RHSA-2016:0711
This issue has been addressed in the following products:

  Red Hat OpenShift Enterprise 2.2

Via RHSA-2016:1773 https://rhn.redhat.com/errata/RHSA-2016-1773.html