CVE-2023-40349
published 2023-08-16CVE-2023-40349: Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | blue_ocean_plugin | — | — |
| jenkins | config_file_provider_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | docker_swarm_plugin | — | — |
| jenkins | favorite_view_plugin | — | — |
| jenkins | flaky_test_handler_plugin | — | — |
| jenkins | folders_plugin | — | — |
| jenkins | fortify_plugin | — | — |
| jenkins | gogs | <= 1.0.15 | — |
| jenkins | gogs_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_nodejs_plugin | — | — |
| jenkins | nodejs_plugin | — | — |
| jenkins | shortcut_job_plugin | — | — |
| jenkins | tuleap_authentication_plugin | — | — |
| jenkins_project | jenkins_gogs_plugin | <= 1.0.15 | — |