CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Jenkins: >> Gitlab Hook Security Vulnerabilities

CVE-2020-2096

Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.

CVSS Score

6.1

EPSS Score

0.937

Published

2020-01-15

CVE-2018-1000196

A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.

CVSS Score

6.5

EPSS Score

0.001

Published

2018-06-05

Page 1

Vulnerabilities

Vulnerable Software

Jenkins: >> Gitlab Hook Security Vulnerabilities

Products

Pricing

Contact Us