CVE-2023-40349
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs...
PT-2023-27227 · Unknown · Woodpecker
Name of the Vulnerable Software and Affected Versions: Woodpecker versions prior to 1.0.2 Description: An attacker can post malformed webhook data which leads to an update of the repository data, potentially allowing the takeover of a repository. This issue is critical if the CI is configured for...
Jenkins Plugin Gogs Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Woodpecker Input Validation Error Vulnerability
Woodpecker is a community branch of the Drone CI system. An input validation error vulnerability exists in Woodpecker versions 1.0.0 through 1.0.2, which can be exploited by an attacker to publish incorrectly formatted Webhook data, resulting in repository data updates...
PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...
Jenkins Plugin Gogs Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application: an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
PT-2023-27406 · Jenkins · Jenkins Gogs Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The Jenkins Gogs Plugin improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. The plugin provides a webhook...
Leak Of Webhook Secret Token
GitLab is vulnerable to Leak of Webhook Secret Token. The vulnerability exists because a project maintainer could leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers...
Information Disclosure
GitLab is vulnerable to Information Disclosure. The vulnerability may allow an authenticated user to unmask the Discord Webhook URL by viewing the raw API response...
Leakage Of Webhook Secret
GitLab is vulnerable to Leakage of Webhook Secret. An attacker can leak masked webhook secrets by changing the target URL of the webhook...
Information Disclosure
GitLab is vulnerable to Information Disclosure. The vulnerability allows an attacker to modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
Improper Access Control
GitLab is vulnerable to Improper Access Control. The vulnerability allows a project export to leak the external webhook token value, which allows an attacker to access the projects...
Directory Traversal
GitLab is vulnerable to directory traversal. The vulnerability occurs because GitLab does not properly validate the URL of a webhook. An attacker can exploit this vulnerability by creating a malicious webhook with a URL that contains a crafted directory traversal sequence. This will cause GitLa...
Denial Of Service (DoS)
GitLab is vulnerable to Denial of Service (DoS). The vulnerability exists in the Webhook feature in the library, which allows an attacker to cause an application crash...
Information Disclosure
GitLab is vulnerable to Information Disclosure. The vulnerability allows a project maintainer to access the DataDog integration API key from webhook logs, resulting in disclosure of sensitive information...
Server Side Request Forgery (SSRF)
Description: It is possible to access the local environment in the Webhook function. Therefore, Blind SSRF makes it possible to perform a port scan against the local environment.
Proof of Concept: After logging in, access the webhook setting page, specify the URL with the following pattern, and che...
WordPress Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook Plugin < 6.2 is vulnerable to Cross Site Scripting (XSS)
Software: Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook
Type: Plugin
Vulnerable versions: 6.2
Fixed in: 6.2
OWASP Top 10: A3: Injection
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-33999
Patch priority: Medium
CVSS severity: Medium 7.1
Developer...
CVE-2023-3363
An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, and all versions from 16.1 prior to 16.1.1 resulted in the Sidekiq log including webhook tokens when the log format was set to default...
CVE-2023-2620
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions...
Information disclosure
An information disclosure issue in GitLab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, and all versions from 16.1 prior to 16.1.1 resulted in the Sidekiq log including webhook tokens when the log format was set to default...