CVE-2023-40348: The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

medium5.3CVSS 3.1

AVNACLPRNUINSUCLINAN

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
jenkins	blue_ocean_plugin	—	—
jenkins	config_file_provider_plugin	—	—
jenkins	delphix_plugin	—	—
jenkins	docker_swarm_plugin	—	—
jenkins	favorite_view_plugin	—	—
jenkins	flaky_test_handler_plugin	—	—
jenkins	folders_plugin	—	—
jenkins	fortify_plugin	—	—
jenkins	gogs	<= 1.0.15	—
jenkins	gogs_plugin	—	—
jenkins	improper_masking_of_credentials_in_nodejs_plugin	—	—
jenkins	nodejs_plugin	—	—
jenkins	shortcut_job_plugin	—	—
jenkins	tuleap_authentication_plugin	—	—
jenkins_project	jenkins_gogs_plugin	<= 1.0.15	—