
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. • http://www.openwall.com/lists/oss-security/2023/10/25/2 https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896 • CWE-697: Incorrect Comparison •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2894 • CWE-665: Improper Initialization •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. • http://www.openwall.com/lists/oss-security/2023/08/16/3 https://www.jenkins.io/security/advisory/2023-08-16/#SECURITY-2894 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. • https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41 https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. • https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82 https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •