
GHSA-9mc6-vgmq-x6xf

GitHub Security Advisory

Lack of authentication mechanism in Jenkins DotCi Plugin webhook

✓ GitHub Reviewed · Severity: MODERATE · Has CVE

Advisory Details

DotCi Plugin provides a webhook endpoint at `/githook/` that can be used to trigger builds of the job for a GitHub repository.

In DotCi Plugin 2.40.00 and earlier, this endpoint can be accessed without authentication.

This allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository for attacker-specified commits.

This plugin has been suspended.
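Added here as an illustration, not DotCi's code (the plugin was suspended rather than patched): a hypothetical Jenkins `RootAction` that serves the same `/githook/` path but authenticates each request with the GitHub webhook shared secret (HMAC-SHA256 over the request body, compared in constant time) before it schedules a build, so an unsigned request can no longer trigger a job. The class name, the `job` parameter and the `GITHOOK_SECRET` environment variable are assumptions, and `HexFormat` requires Java 17.

```java
import hudson.Extension;
import hudson.model.AbstractProject;
import hudson.model.Cause;
import hudson.model.RootAction;
import jenkins.model.Jenkins;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HexFormat;

@Extension
public class SignedGitHookAction implements RootAction {
    // Shared secret entered in the GitHub webhook settings. Read from the environment
    // here for brevity (assumed name); a real plugin would store it as a Jenkins credential.
    private static final String SECRET = System.getenv("GITHOOK_SECRET");
    @Override public String getUrlName() { return "githook"; }   // served at /githook/
    @Override public String getIconFileName() { return null; }
    @Override public String getDisplayName() { return null; }
    // Vulnerable shape: call scheduleBuild2() straight from the request; here the signature is checked first.
    public void doIndex(StaplerRequest req, StaplerResponse rsp) throws IOException {
        if (SECRET == null) { rsp.sendError(503, "webhook secret not configured"); return; }
        byte[] body = req.getInputStream().readAllBytes();
        String sig = req.getHeader("X-Hub-Signature-256");
        if (sig == null || !verifySignature(SECRET, body, sig)) { rsp.sendError(403, "missing or invalid webhook signature"); return; }
        String jobName = req.getParameter("job");  // hypothetical: names the job to build
        AbstractProject<?, ?> job = jobName == null ? null : Jenkins.get().getItemByFullName(jobName, AbstractProject.class);
        if (job == null) { rsp.sendError(404, "no such job"); return; }
        job.scheduleBuild2(0, new Cause.RemoteCause(req.getRemoteAddr(), "signed GitHub webhook"));
    }
    /** Constant-time check of "sha256=<hex>" against HMAC-SHA256(secret, body). */
    static boolean verifySignature(String secret, byte[] body, String header) {
        if (!header.startsWith("sha256=")) return false;
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
            byte[] expected = HexFormat.of().formatHex(mac.doFinal(body)).getBytes(StandardCharsets.US_ASCII);
            byte[] given = header.substring(7).toLowerCase().getBytes(StandardCharsets.US_ASCII);
            return MessageDigest.isEqual(expected, given);  // also returns false on a length mismatch
        } catch (GeneralSecurityException e) {
            return false;
        }
    }
}
```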

Affected Packages

Maven com.groupon.jenkins-ci.plugins:DotCi
Affected versions: all versions from 0 up to and including 2.40.00

Key Information

GHSA ID
GHSA-9mc6-vgmq-x6xf
Published
September 22, 2022 12:00 AM
Last Modified
May 29, 2025 9:35 PM
CVSS Score
5.0 / 10
Primary Ecosystem
Maven
Primary Package
com.groupon.jenkins-ci.plugins:DotCi
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 24, 2025 6:28 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.