CVE-2023-40348
Description
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.191
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-46657,CVE-2023-40349,CVE-2023-40348 are affected in Jenkins - gogs-webhook 1.0.15 | Windows |
| Vulnerabilities CVE-2023-46657,CVE-2023-40349,CVE-2023-40348 are affected in Jenkins - gogs-webhook for Linux 1.0.15 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234