Jenkins Gogs Plugin 1.0.15: Unauth Webhook Reveals Job Existence
CVE-2023-40348 Published on August 16, 2023
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-40348 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-40348
Affected Versions
Jenkins Project Jenkins Gogs Plugin: versions up to and including 1.0.15 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.