Home

CVE-2023-40349

Description

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.

Risk Information

Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.157

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2023-46657,CVE-2023-40349,CVE-2023-40348 are affected in Jenkins - gogs-webhook 1.0.15Windows
Vulnerabilities CVE-2023-46657,CVE-2023-40349,CVE-2023-40348 are affected in Jenkins - gogs-webhook for Linux 1.0.15Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234