CVE-2023-40349
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-40349 is a vulnerability in the Jenkins Gogs Plugin, version 1.0.15 and older. The plugin improperly initializes an option designed to secure its webhook endpoint. As a result, unauthenticated attackers can manipulate the plugin to trigger builds of jobs, potentially leading to data compromise or unauthorized code execution within the affected Jenkins environment. Organizations running affected versions of the Jenkins Gogs Plugin are advised to upgrade to the latest version as soon as possible to mitigate this risk.
Affected Products
- Jenkins Gogs
Affected Vendors
- Jenkins