Skip to main content

Gitlab Hook

2 CVEs product

Monthly

CVE-2020-2096 Maven MEDIUM POC THREAT This Month

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab Jenkins Gitlab Hook
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
89.4%
CVE-2018-1000196 Maven MEDIUM This Month

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure Gitlab Hook
NVD
CVSS 3.0
6.5
EPSS
1.2%
EPSS 89% CVSS 6.1
MEDIUM POC THREAT This Month

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gitlab Jenkins +1
NVD Exploit-DB
EPSS 1% CVSS 6.5
MEDIUM This Month

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Jenkins Information Disclosure +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy