3 matches found
Jenkins GitLab Plugin Cross-Site Scripting (CVE-2022-34777)
A stored cross-site scripting vulnerability exists in Jenkins GitLab Plugin. This vulnerability is due to insufficient validation of user provided fields in the build cause of webhook triggered builds...
CVE-2022-34777
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...
CVE-2022-34777
Summary of CVE-2022-34777: The Jenkins GitLab Plugin (versions 1.5.34 and earlier) does not escape multiple fields in the description of webhook-triggered builds, causing a stored cross-site scripting (XSS) vulnerability. Exploitation requires Item/Configure permission. The issue is documented in...