The logs of the triggered Jenkins job URLs are not properly escaped.
A malicious Git administrator can set up a malicious Jenkins hook to make a victim (also a Git administrator) execute uncontrolled code.
CVSSv3.1 score: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
- Go to a Git repository and set up a Jenkins hook. The hook must target a malicious endpoint that responds with a 200 HTTP status code and a `Triggered` header set to something like
- Push some content to the repository
- Open the logs of the hook and click on the link
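The root cause is that the `Triggered` header value returned by the hook endpoint is written into the hook log as HTML without escaping. The following is an added example (not the affected project's code) of how a defender would render such values safely: only absolute http(s) URLs are rendered as links, and every value is HTML-escaped in both the attribute and the text. The header value and hostnames are constructed sample data.

```python
import html
from urllib.parse import urlsplit

# Constructed sample value of a hook response's "Triggered" header
# (not taken from the advisory): one clean URL, one URL containing
# HTML metacharacters, and one value that is not a web URL at all.
SAMPLE_TRIGGERED_HEADER = (
    'https://jenkins.example.test/job/build/42/, '
    'https://jenkins.example.test/job/"><b>deploy</b>/7/, '
    'ftp://not-a-web-url.example.test/x'
)


def parse_triggered_header(value: str) -> list[str]:
    """Split the comma-separated Triggered header into raw candidate URLs."""
    return [part.strip() for part in value.split(',') if part.strip()]


def is_safe_job_url(url: str) -> bool:
    """Accept only absolute http(s) URLs with a host; reject any other scheme."""
    parts = urlsplit(url)
    return parts.scheme in ('http', 'https') and bool(parts.netloc)


def render_log_line(url: str) -> str:
    """Render one log entry as HTML, escaping the untrusted URL both in the
    href attribute (quote=True escapes the double quote) and in the text."""
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>'


def render_hook_log(header_value: str) -> list[str]:
    """Return HTML log lines; values that are not http(s) URLs are shown as
    escaped plain text with a rejection note and never become links."""
    lines = []
    for url in parse_triggered_header(header_value):
        if is_safe_job_url(url):
            lines.append(render_log_line(url))
        else:
            lines.append('rejected non-http(s) value: ' + html.escape(url, quote=True))
    return lines


if __name__ == '__main__':
    for line in render_hook_log(SAMPLE_TRIGGERED_HEADER):
        print(line)
```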
OWASP Cross-site Scripting