CVE-2023-40349

CWE-6655 documents5 sources

Severity

5.3MEDIUM

EPSS

0.2%

top 63.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Project Jenkins Gogs Plugin Jenkins Gogs

Timeline

PublishedAug 16

Description

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:gogs-webhook1.0.15

▶CVEListV5jenkins_project/jenkins_gogs_plugin1.0.15

▶NVDjenkins/gogs1.0.15

🔴Vulnerability Details

GHSA

Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure↗2023-08-16

▶

CVEList

CVE-2023-40349: Jenkins Gogs Plugin 1↗2023-08-16

▶

OSV

Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure↗2023-08-16

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-08-16↗2023-08-16

▶