Jenkins · Jenkins Gitlab Hook Plugin · CVE-2020-2096
**Name of the Vulnerable Software and Affected Versions**
Jenkins Gitlab Hook Plugin versions 1.4.2 and earlier
**Description**
The plugin contains a reflected cross-site scripting (XSS) vulnerability. Project names handled by the `build now` endpoint are not properly escaped, which makes the endpoint exploitable.
**Recommendations**
As a temporary workaround for Jenkins Gitlab Hook Plugin versions 1.4.2 and earlier, consider disabling the `build now` endpoint until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
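
Since no fixed version is listed, the first practical step is finding which controllers run an affected release. The check below is an added example, not part of the advisory or the plugin's code: it scans a plugin inventory and flags entries in the affected range (1.4.2 and earlier). The short name `gitlab-hook`, the `shortname:version` inventory format and the sample lines are assumptions.

```python
import re

# Assumptions (not stated in the advisory): the plugin's short name, and an
# inventory with one "shortname:version" entry per line.
PLUGIN_ID = "gitlab-hook"
LAST_AFFECTED = (1, 4, 2)  # advisory: versions 1.4.2 and earlier


def parse_version(text):
    """Turn '1.4.2' or '1.4.2-SNAPSHOT' into a tuple of ints, padded to 3."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    # Padding makes 1.4 compare as 1.4.0; an unparseable version becomes
    # (0, 0, 0) and is therefore reported rather than silently passed.
    return tuple(parts + [0] * (3 - len(parts)))


def affected_entries(inventory):
    """Return (line_number, version) for each affected entry of the plugin."""
    hits = []
    for number, line in enumerate(inventory.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if ":" not in line:
            continue
        name, version = (field.strip() for field in line.split(":", 1))
        if name == PLUGIN_ID and parse_version(version) <= LAST_AFFECTED:
            hits.append((number, version))
    return hits


# Constructed sample inventory, not taken from a real controller.
SAMPLE = """\
# plugins
git:4.0.0
gitlab-hook:1.4.2
gitlab-hook:1.4.10
gitlab-hook:1.4
"""

if __name__ == "__main__":
    for number, version in affected_entries(SAMPLE):
        print(f"line {number}: {PLUGIN_ID} {version} is in the affected range")
```

Components are compared numerically, so 1.4.10 is treated as later than 1.4.2 and is not flagged.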