43 matches found
GHSA-RC33-44QP-VPVQ Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Jenkins Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default. This allows unauthenticated attackers to trigger builds of...
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
Code injection
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
Information disclosure
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
CVE-2023-40348
CVE-2023-40348 affects the Jenkins Gogs Plugin (versions up to 1.0.15). The webhook endpoint at /gogs-webhook can be reached by unauthenticated attackers and discloses whether a specific job exists, even if the attacker lacks permission to access that job. The root cause is an information-disclos...
CVE-2023-40349
The CVE-2023-40349 entry concerns Jenkins Gogs Plugin (versions 1.0.15 and earlier). The vulnerability arises from improper initialization of the option intended to secure the webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. The advisory notes that the webhook endpo...
PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...
PT-2023-27406 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The Jenkins Gogs Plugin improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. The plugin provides a webhook...
Jenkins Gogs Plugin stored credentials in plain text
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Gogs Plugin now stores credentials encrypted...
GHSA-Q736-RGCP-Q443 Jenkins Gogs Plugin stored credentials in plain text
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Gogs Plugin now stores credentials encrypted...
Unspecified Vulnerability in CloudBees Jenkins Gogs Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Gogs Plugin is used in one of the Gogs self-hosted Gi...
CVE-2019-10348
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
CVE-2019-10348
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...
Design/Logic Flaw
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...