3496 matches found
GHSA-QXWC-WCHR-5H29 Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Jenkins Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default. This allows unauthenticated attackers to trigger builds of...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
Information disclosure
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
Code injection
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
PT-2023-27227 · Unknown · Woodpecker
Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 1.0.2 Description: An attacker can post malformed webhook data which leads to an update of the repository data, potentially allowing the takeover of a repository. This issue is critical if the CI is configured for...
Woodpecker Input Validation Error Vulnerability
Woodpecker is a community branch of the Drone CI system. An input validation error vulnerability exists in Woodpecker versions 1.0.0 through 1.0.2, which can be exploited by an attacker to publish incorrectly formatted Webhook data, resulting in repository data updates...
PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...
Jenkins Plugin Gogs Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-27406 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The Jenkins Gogs Plugin improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. The plugin provides a webhook...
Jenkins Plugin Gogs Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Leak Of Webhook Secret Token
gitlab is vulnerable to Leak Of Webhook Secret Token. The vulnerability exists because the project maintainer could leak a webhook secret token by changing the webhook URL to an endpoint, allowing them to capture request headers...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability may allow an authenticated user to unmask the Discord Webhook URL through viewing the raw API response...
Leakage Of Webhook Secret
gitlab is vulnerable to Leakage of Webhook Secret. An attacker can leak masked webhook secrets by changing target URL of the webhook...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability allows an attacker to modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
Improper Access Control
gitlab is vulnerable to Improper Access Control. The vulnerability allows a project export to leak the external webhook token value, which allows an attacker to access the projects...
Directory Traversal
GitLab is vulnerable to directory traversal. The vulnerability occurs because GitLab does not properly validate the URL of a webhook. An attacker can exploit this vulnerability by creating a malicious webhook with a URL that contains a crafted directory traversal sequence. This will cause GitLa...