CVE-2023-40349

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published: Aug 16, 2023
Updated: Aug 18, 2023
CWE ID: 665

Summary

CVE-2023-40349 is a vulnerability in the Jenkins Gogs Plugin, versions 1.0.15 and older. The plugin improperly initializes an option designed to secure its webhook endpoint. As a result, unauthenticated attackers can manipulate the plugin and trigger builds of jobs, potentially leading to data compromise or unauthorized code execution within the affected Jenkins environment. Organizations running affected versions of the Jenkins Gogs Plugin are advised to upgrade to the latest version as soon as possible to mitigate this risk.
