Description
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
EUVD |
EUVD-2023-2345 | Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. |
Github GHSA |
GHSA-rc33-44qp-vpvq | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure |
References
History
Tue, 08 Oct 2024 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Status: PUBLISHED
Assigner: jenkins
Published:
Updated: 2024-10-08T18:22:33.595Z
Reserved: 2023-08-14T16:02:56.436Z
Link: CVE-2023-40349
Updated: 2024-08-02T18:31:53.589Z
Status : Modified
Published: 2023-08-16T15:15:12.187
Modified: 2026-06-17T06:17:21.860
Link: CVE-2023-40349
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-665
Improper Initialization
EUVD
Github GHSA