This repository has been archived by the owner on Jan 25, 2022. It is now read-only.
CVE-2020-2096/SECURITY-1683 issue #62
Comments
|
The main issue appears to be gitlab-hook-plugin/models/api.rb Line 102 in d52d8b4 where "Don't know how to process '/#{CGI::escapeHTML(params[:splat].first)}'",or similar would fix the issue. Can't test/build at the moment, as setting up a test environment which can run the version of ruby required takes more time then I currently have available. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Jenkins states that the plugin has a CVE where not escaping project names in 'build_now' results in a reflected cross-site scripting vulnerability.
https://www.jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
The text was updated successfully, but these errors were encountered: