CVE-2023-40348

CWE-200 — Information Exposure5 documents5 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 59.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Gogs Plugin Jenkins Gogs

Timeline

PublishedAug 16

Description

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:gogs-webhook1.0.15

▶CVEListV5jenkins_project/jenkins_gogs_plugin1.0.15

▶NVDjenkins/gogs1.0.15

🔴Vulnerability Details

OSV

Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure↗2023-08-16

▶

CVEList

CVE-2023-40348: The webhook endpoint in Jenkins Gogs Plugin 1↗2023-08-16

▶

GHSA

Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure↗2023-08-16

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-08-16↗2023-08-16

▶