Loading HuntDB...

GHSA-q2fc-9ww2-ggfj

GitHub Security Advisory

Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Jenkins Quay.io trigger Plugin provides a webhook endpoint at `/quayio-webhook/` that can be used to trigger builds of jobs configured to use a specified repository.

In Quay.io trigger Plugin 0.1 and earlier, this endpoint can be accessed without authentication.

This allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository.

Affected Packages

Maven org.jenkins-ci.plugins:quayio-trigger
Affected versions: 0 (last affected: 0.1)

Related CVEs

Key Information

GHSA ID
GHSA-q2fc-9ww2-ggfj
Published
April 12, 2023 6:30 PM
Last Modified
April 12, 2023 10:19 PM
CVSS Score
5.0 /10
Primary Ecosystem
Maven
Primary Package
org.jenkins-ci.plugins:quayio-trigger
GitHub Reviewed
✓ Yes

Dataset

Last updated: August 25, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.