GHSA-q2fc-9ww2-ggfj
GitHub Security Advisory
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
Jenkins Quay.io trigger Plugin provides a webhook endpoint at `/quayio-webhook/` that can be used to trigger builds of jobs configured to use a specified repository.
In Quay.io trigger Plugin 0.1 and earlier, this endpoint can be accessed without authentication.
This allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.
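A detection sketch for the exposure described above, added here as an example and not taken from the advisory or the plugin: it scans reverse-proxy access logs for requests that reached `/quayio-webhook/` from sources outside an expected sender range. The combined log format, the trusted range, the sample lines and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed proxy access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [25/Aug/2025:06:01:12 +0000] "POST /quayio-webhook/ HTTP/1.1" 200 0 "-" "curl/8.5.0"
198.51.100.20 - - [25/Aug/2025:06:02:40 +0000] "POST /quayio-webhook/ HTTP/1.1" 200 0 "-" "sample-sender"
203.0.113.7 - - [25/Aug/2025:06:03:05 +0000] "POST /jenkins/quayio-webhook?x=1 HTTP/1.1" 200 0 "-" "curl/8.5.0"
192.0.2.44 - alice [25/Aug/2025:06:04:00 +0000] "GET /job/app/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
truncated or malformed line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Match the endpoint with or without a Jenkins context prefix or trailing slash.
WEBHOOK_RE = re.compile(r'(^|/)quayio-webhook(/|$)')

def is_trusted(source, networks):
    """True only if source parses as an IP inside one of the trusted networks."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # hostname or garbage in the client field: treat as untrusted
    return any(addr in net for net in networks)

def find_untrusted_webhook_hits(log_text, trusted_cidrs):
    """Return (timestamp, source, method, path, status) for webhook requests
    whose source is outside trusted_cidrs."""
    networks = [ipaddress.ip_network(c) for c in trusted_cidrs]
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["target"].split("?", 1)[0]
        if WEBHOOK_RE.search(path) and not is_trusted(m["ip"], networks):
            hits.append((m["ts"], m["ip"], m["method"], path, int(m["status"])))
    return hits

if __name__ == "__main__":
    # 198.51.100.0/24 is a placeholder for the sender range you expect.
    for hit in find_untrusted_webhook_hits(SAMPLE_LOG, ["198.51.100.0/24"]):
        print(*hit)
```

Each hit is a request that reached the webhook from an unexpected source; correlating its timestamp with build start times shows whether a job was triggered.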
Affected Packages
Maven
org.jenkins-ci.plugins:quayio-trigger
Affected versions: 0 (last affected: 0.1)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: August 25, 2025 6:33 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.