CVE-2023-40348

Summary

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Gogs Plugin0 <= 1.0.15affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References