14 matches found
EUVD-2022-3038
Malicious code in bioql PyPI...
CVE-2018-1000196
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...
GHSA-7P4P-V6HR-GP3M Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Exploit Author: Ai Ho Vendor Homepage : https://jenkins.io/ Effective version : Gitlab Hook Plugin 1.4.2 and earlier References:...
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Exploit Author: Ai Ho Vendor Homepage : https://jenkins.io/ Effective version : Gitlab Hook Plugin 1.4.2 and earlier References: https://jenkins.io/security/advisory/2020-01-15/ CVE: CVE-2020-2096 PoC:...
CVE-2020-2096
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the buildnow endpoint, resulting in a reflected XSS vulnerability...
CVE-2020-2096
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the buildnow endpoint, resulting in a reflected XSS vulnerability...
CVE-2020-2096
CVE-2020-2096 affects Jenkins Gitlab Hook Plugin ≤ 1.4.2. The build_now endpoint fails to escape project names, causing a reflected XSS vulnerability. Impact: attacker can run arbitrary JavaScript in the victim’s browser. PoC exists (e.g., build_now%3Csvg/onload=alert(document.domain)%3E). Remedi...
CloudBees Jenkins Gitlab Hook Plugin Information Disclosure Vulnerability
CloudBees Jenkins is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . Gitlab Hook Plugin is used in one of...
CVE-2018-1000196
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...
Information disclosure
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...
CVE-2018-1000196
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...
CVE-2018-1000196
CVE-2018-1000196 affects CloudBees/Jenkins Gitlab Hook Plugin 1.4.2 and older, where the files gitlab_notifier.rb and views/gitlab_notifier/global.erb expose the configured GitLab token. The vulnerability allows attackers who can access the Jenkins master filesystem or a compromised Jenkins admin...
CVE-2018-1000196
A exposure of sensitive information vulnerability exists in Jenkins Gitlab Hook Plugin 1.4.2 and older in gitlabnotifier.rb, views/gitlabnotifier/global.erb that allows attackers with local Jenkins master file system access or control of a Jenkins administrator's web browser e.g. malicious...