Every CVE whose affected-product data names Jenkins Gogs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2019-10348 — CVSS 8.8 (high): Jenkins Gogs Plugin stored credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with…
CVE-2023-40348 — CVSS 5.3 (medium): The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs…
CVE-2023-40349 — CVSS 5.3 (medium): Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers…
CVE-2023-46657 — CVSS 5.3 (medium): Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook…