Vulnerabilities (CVE)

Filtered by vendor Jenkins Subscribe
Filtered by product Gitlab Hook
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2096 1 Jenkins 1 Gitlab Hook 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
CVE-2018-1000196 1 Jenkins 1 Gitlab Hook 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.