CVE-2023-40349

Summary

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

Affected Software

VendorProductVersion RangeStatus
Jenkins ProjectJenkins Gogs Plugin0 <= 1.0.15affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References