Описание
Reflected XSS vulnerability in Jenkins gitlab-hook Plugin
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
Пакеты
Наименование
org.jenkins-ci.ruby-plugins:gitlab-hook
maven
Затронутые версииВерсия исправления
<= 1.4.2
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
около 6 лет назад
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.