pkg:maven/org.jenkins-ci.plugins/gogs-webhook
Type
maven
Namespace
org.jenkins-ci.plugins
Name
gogs-webhook
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/gogs-webhook package.
Moderate
3
Medium
2
Low
2
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 1.0.14 |
CVE-2019-10348
|
JENKINS:SECURITY-1438 | `gogs-webhook` stored credentials in plain text | medium |
2019-07-11T00:00:00
(5 years ago) |
|
Fixed | = 1.0.15 |
CVE-2019-10348
|
JENKINS:SECURITY-1438 | `gogs-webhook` stored credentials in plain text | medium |
2019-07-11T00:00:00
(5 years ago) |
|
Affected | <= 1.0.15 |
CVE-2023-40348
CVE-2023-40349 |
JENKINS:SECURITY-2894 | Unsafe default behavior and information disclosure in `gogs-webhook` webhook | medium |
2023-08-16T00:00:00
(13 months ago) |
|
Affected | <= 1.0.15 |
CVE-2023-46657
|
JENKINS:SECURITY-2896 | Non-constant time webhook token comparison in `gogs-webhook` | low |
2023-10-25T00:00:00
(10 months ago) |
|
Affected | <= 1.0.15 |
CVE-2023-46657
|
MAVEN:GHSA-885R-HHPR-CC9P | Jenkins Gogs Plugin uses non-constant time webhook token comparison | low |
2023-10-25T18:32:25
(10 months ago) |
|
Affected | <= 1.0.14 |
CVE-2019-10348
|
MAVEN:GHSA-Q736-RGCP-Q443 | Jenkins Gogs Plugin stored credentials in plain text | moderate |
2022-05-24T16:50:04
(2 years ago) |
|
Fixed | = 1.0.15 |
CVE-2019-10348
|
MAVEN:GHSA-Q736-RGCP-Q443 | Jenkins Gogs Plugin stored credentials in plain text | moderate |
2022-05-24T16:50:04
(2 years ago) |
|
Affected | <= 1.0.15 |
CVE-2023-40348
|
MAVEN:GHSA-QXWC-WCHR-5H29 | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | moderate |
2023-08-16T15:30:18
(13 months ago) |
|
Affected | <= 1.0.15 |
CVE-2023-40349
|
MAVEN:GHSA-RC33-44QP-VPVQ | Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure | moderate |
2023-08-16T15:30:18
(13 months ago) |