Jenkins Gogs

Do you want an email whenever new security vulnerabilities are reported in Jenkins Gogs?

By the Year

In 2024 there have been 0 vulnerabilities in Jenkins Gogs . Last year Gogs had 3 security vulnerabilities published. Right now, Gogs is on track to have less security vulnerabilities in 2024 than it did last year.

Year	Vulnerabilities	Average Score
2024	0	0.00
2023	3	5.30
2022	0	0.00
2021	0	0.00
2020	0	0.00
2019	1	8.80
2018	0	0.00

It may take a day or so for new Gogs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Gogs Security Vulnerabilities

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially

CVE-2023-46657 5.3 - Medium - October 25, 2023

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.

Incorrect Comparison

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint

CVE-2023-40349 5.3 - Medium - August 16, 2023

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

Improper Initialization

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

CVE-2023-40348 5.3 - Medium - August 16, 2023

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they

CVE-2019-10348 8.8 - High - July 11, 2019

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.

Cleartext Storage of Sensitive Information

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Gogs or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Gogs
Product

By the Year

Recent Jenkins Gogs Security Vulnerabilities

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially CVE-2023-46657 5.3 - Medium - October 25, 2023

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint CVE-2023-40349 5.3 - Medium - August 16, 2023

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. CVE-2023-40348 5.3 - Medium - August 16, 2023

Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they CVE-2019-10348 8.8 - High - July 11, 2019