Unauthenticated Remote Build Triggering in Jenkins Gogs Plugin

CVE-2023-40349 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
