CVE-2020-2096

Published: Jan 15, 2020

Modified: Aug 4, 2024

PUBLISHED

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

Vendor	Product	Versions
Jenkins project	Jenkins Gitlab Hook Plugin	affected `unspecified - <= 1.4.2` unknown `next of 1.4.2 - < unspecified`

x_refsource_CONFIRM

mailing-list

x_refsource_MLIST

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.