Lucene search
HistoryAug 16, 2023 - 3:15 p.m.
CVE-2023-40349
jenkins
gogs plugin
cve-2023-40349
security vulnerability
build triggering
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.8%
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
Affected configurations
Node
jenkinsgogsRange≤1.0.15jenkins
| CPE | Name | Operator | Version |
|---|---|---|---|
| jenkins:gogs | jenkins gogs | le | 1.0.15 |
CNA Affected
[
{
"defaultStatus": "unknown",
"product": "Jenkins Gogs Plugin",
"vendor": "Jenkins Project",
"versions": [
{
"lessThanOrEqual": "1.0.15",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
}
]Related
cvelist
cvelist
CVE-2023-40349
2023-08-16 14:32:57
osv
osv
Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
2023-08-16 15:30:18
CVE-2023-40349
2023-08-16 15:15:12
nvd
nvd
CVE-2023-40349
2023-08-16 15:15:12
prion
prion
Information disclosure
2023-08-16 15:15:00
github
github
nessus
nessus
Jenkins plugins Multiple Vulnerabilities (2023-08-16)
2023-08-21 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.8%
Related for CVE-2023-40349