Vulnerability
Description
Jenkins Gitlab Hook Plugin 1.4.2 and earlier are vulnerable to Reflected cross-site scripting(XSS) so it does not escape project names in the build_now endpoint It allows remote attackers to inject arbitrary web script or HTML to the webpage.
Recommendations
- Update Jenkins Gitlab Hook plugin to the latest version
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
