CVE-2020-2096

Summary

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Gitlab Hook Pluginunspecified <= 1.4.2affected
Jenkins projectJenkins Gitlab Hook Pluginnext of 1.4.2 < unspecifiedunknown

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References