Unauthenticated Remote Build Triggering in Jenkins Gogs Plugin
CVE-2023-40349 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.
Learn more about our Web App Pen Testing.