This security bulletin contains one low-risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the affected plugin does not use a constant-time comparison when checking whether the provided and computed webhook signatures are equal. A remote user can use statistical methods to obtain a valid webhook signature.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
GitHub: 0.1 - 1.34.4
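The signature check described above, shown as an added example that is not the plugin's own code: the flawed equality test beside a constant-time check, plus a small model of why an early-exit comparison leaks. The HMAC-SHA256 scheme, the `sha256=` header format, the secret, the body and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the bulletin).
SECRET = b"example-shared-secret"
BODY = b'{"action":"push","ref":"refs/heads/main"}'
PREFIX = "sha256="  # assumed signature header format


def compute_signature(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 of the request body, in the assumed header format."""
    return PREFIX + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_weak(secret: bytes, body: bytes, provided: str) -> bool:
    """Flawed pattern: == is not guaranteed to be constant-time, so the
    run time can depend on how much of the provided value is correct."""
    return compute_signature(secret, body) == provided


def verify_constant_time(secret: bytes, body: bytes, provided) -> bool:
    """Hardened check: reject malformed input, then compare in constant time."""
    if not isinstance(provided, str) or not provided.startswith(PREFIX):
        return False
    try:
        provided_bytes = provided.encode("ascii")
    except UnicodeEncodeError:
        return False
    expected = compute_signature(secret, body).encode("ascii")
    # compare_digest's run time does not depend on where the inputs differ.
    return hmac.compare_digest(expected, provided_bytes)


def chars_examined_by_early_exit(expected: str, provided: str) -> int:
    """Model of an early-exit comparison: how many characters it inspects
    before returning. The count grows with the length of the correct prefix,
    which is the data-dependent work a constant-time comparison avoids."""
    count = 0
    for e, p in zip(expected, provided):
        count += 1
        if e != p:
            break
    return count
```

Both verifiers return the same boolean for every input; they differ only in how much the comparison's running time reveals about the expected value.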
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?