Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Jenkins Subscribe
Filtered by product Gitlab Hook
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-2096 1 Jenkins 1 Gitlab Hook 2020-01-21 4.3 MEDIUM 6.1 MEDIUM
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
CVE-2018-1000196 1 Jenkins 1 Gitlab Hook 2018-07-18 4.0 MEDIUM 6.5 MEDIUM
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlab_notifier.rb, views/gitlab_notifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser (e.g. malicious extension) to retrieve the configured Gitlab token.