Jenkins Gogs Plugin <=1.0.15: Unauthenticated Webhook Trigger for Builds
CVE-2023-40349 Published on August 16, 2023

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.


Affected Versions

Jenkins Project Jenkins Gogs Plugin:

Exploit Probability

EPSS: 0.16%
Percentile: 36.30%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.