Lucene search
K

43 matches found

OSV
OSV
added 2023/08/16 3:30 p.m.18 views

GHSA-RC33-44QP-VPVQ Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure

Jenkins Gogs Plugin provides a webhook endpoint at /gogs-webhook that can be used to trigger builds of jobs. In Gogs Plugin 1.0.15 and earlier, an option to specify a Gogs secret for this webhook is provided, but not enabled by default. This allows unauthenticated attackers to trigger builds of...

6.5CVSS5.5AI score0.00577EPSS
Exploits0References3
NVD
NVD
added 2023/08/16 3:15 p.m.28 views

CVE-2023-40349

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...

5.3CVSS5.3AI score0.00577EPSS
Exploits0References2
NVD
NVD
added 2023/08/16 3:15 p.m.49 views

CVE-2023-40348

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...

5.3CVSS5.2AI score0.00547EPSS
Exploits0References2
OSV
OSV
added 2023/08/16 3:15 p.m.16 views

CVE-2023-40348

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...

5.3CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2023/08/16 3:15 p.m.17 views

CVE-2023-40349

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...

5.3CVSS7.1AI score
Exploits0References2
Prion
Prion
added 2023/08/16 3:15 p.m.22 views

Code injection

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...

5CVSS5.2AI score0.00547EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/16 3:15 p.m.22 views

Information disclosure

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...

5CVSS5.3AI score0.00577EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/08/16 2:32 p.m.44 views

CVE-2023-40348

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...

5.9AI score0.00547EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/08/16 2:32 p.m.19 views

CVE-2023-40348

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...

6.9AI score0.00547EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/16 2:32 p.m.39 views

CVE-2023-40349

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...

6AI score0.00577EPSS
Exploits0References2
CVE
CVE
added 2023/08/16 2:32 p.m.253 views

CVE-2023-40348

CVE-2023-40348 affects the Jenkins Gogs Plugin (versions up to 1.0.15). The webhook endpoint at /gogs-webhook can be reached by unauthenticated attackers and discloses whether a specific job exists, even if the attacker lacks permission to access that job. The root cause is an information-disclos...

5.3CVSS5.1AI score0.00547EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/08/16 2:32 p.m.248 views

CVE-2023-40349

The CVE-2023-40349 entry concerns Jenkins Gogs Plugin (versions 1.0.15 and earlier). The vulnerability arises from improper initialization of the option intended to secure the webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. The advisory notes that the webhook endpo...

5.3CVSS5.2AI score0.00577EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.11 views

PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...

6.5CVSS6.4AI score0.00547EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.6 views

PT-2023-27406 · Jenkins · Jenkins Gogs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The Jenkins Gogs Plugin improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. The plugin provides a webhook...

6.5CVSS5AI score0.00577EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/24 4:50 p.m.25 views

Jenkins Gogs Plugin stored credentials in plain text

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Gogs Plugin now stores credentials encrypted...

8.8CVSS6.6AI score0.01668EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 4:50 p.m.18 views

GHSA-Q736-RGCP-Q443 Jenkins Gogs Plugin stored credentials in plain text

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins controller. These credentials could be viewed by users with Extended Read permission, or access to the Jenkins controller file system. Gogs Plugin now stores credentials encrypted...

4.3CVSS8.6AI score0.01668EPSS
Exploits0References4
CNVD
CNVD
added 2019/07/15 12:0 a.m.3 views

Unspecified Vulnerability in CloudBees Jenkins Gogs Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software release/testing projects and some timed tasks . Gogs Plugin is used in one of the Gogs self-hosted Gi...

8.8CVSS6.9AI score0.01668EPSS
Exploits0References1
OSV
OSV
added 2019/07/11 2:15 p.m.12 views

CVE-2019-10348

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS6.5AI score
Exploits0References4
NVD
NVD
added 2019/07/11 2:15 p.m.26 views

CVE-2019-10348

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

8.8CVSS8.6AI score0.01668EPSS
Exploits0References4
Prion
Prion
added 2019/07/11 2:15 p.m.17 views

Design/Logic Flaw

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system...

4CVSS8.6AI score0.01668EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder