Vulnerabilities > Jenkins > Gogs > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-46657 | Incorrect Comparison vulnerability in Jenkins Gogs. Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
2023-08-16 | CVE-2023-40348 | Unspecified vulnerability in Jenkins Gogs. The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. | 5.3 |
2023-08-16 | CVE-2023-40349 | Improper Initialization vulnerability in Jenkins Gogs. Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. | 5.3 |