CVE-2022-34777

Name of the Vulnerable Software and Affected Versions Jenkins GitLab Plugin versions 1.5.34 and earlier

Description The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the plugin does not escape multiple fields inserted into the description of webhook-triggered builds. This makes it exploitable by attackers with Item/Configure permission.

Recommendations For Jenkins GitLab Plugin versions 1.5.34 and earlier, update to version 1.5.35 or later to resolve the issue. As a temporary workaround, consider restricting the Item/Configure permission to minimize the risk of exploitation.