Jenkins Gitlab Hook Plugin 1.4.2 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) Vulnerability
Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint. This results in a reflected cross-site scripting vulnerability.
The information has been provided by Ai Ho
The original article can be found at:http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
Jenkins Gitlab Hook Plugin 1.4.2