cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-46657,https://securityvulnerability.io/vulnerability/CVE-2023-46657,Non-Constant Time Comparison Vulnerability in Jenkins Gogs Plugin,"The Jenkins Gogs Plugin versions 1.0.15 and earlier are susceptible to a vulnerability in which a non-constant time comparison function is used during the evaluation of webhook tokens. This flaw allows malicious actors to exploit statistical methods to derive a valid webhook token by analyzing the response time variations. If successfully exploited, it could compromise the integrity of the webhook mechanism, exposing Jenkins instances to unauthorized access and potential attacks.",Jenkins,Jenkins Gogs Plugin,5.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-10-25T18:17:00.000Z,0
CVE-2023-40348,https://securityvulnerability.io/vulnerability/CVE-2023-40348,,The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output.,Jenkins,Jenkins Gogs Plugin,5.3,MEDIUM,0.000590000010561198,false,false,false,false,,false,false,2023-08-16T15:15:00.000Z,0
CVE-2023-40349,https://securityvulnerability.io/vulnerability/CVE-2023-40349,,"Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs.",Jenkins,Jenkins Gogs Plugin,5.3,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-08-16T15:15:00.000Z,0
CVE-2019-10348,https://securityvulnerability.io/vulnerability/CVE-2019-10348,,"Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.",Jenkins,Jenkins Gogs Plugin,8.8,HIGH,0.04845999926328659,false,false,false,false,,false,false,2019-07-11T13:55:17.000Z,0