Jenkins Gogs
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Jenkins Gogs.
By the Year
In 2024 there have been 0 vulnerabilities in Jenkins Gogs . Last year Gogs had 3 security vulnerabilities published. Right now, Gogs is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 5.30 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 1 | 8.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Gogs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Gogs Security Vulnerabilities
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially
CVE-2023-46657
5.3 - Medium
- October 25, 2023
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
Incorrect Comparison
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint
CVE-2023-40349
5.3 - Medium
- August 16, 2023
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
Improper Initialization
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
CVE-2023-40348
5.3 - Medium
- August 16, 2023
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they
CVE-2019-10348
8.8 - High
- July 11, 2019
Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Cleartext Storage of Sensitive Information
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Gogs or by Jenkins? Click the Watch button to subscribe.