CVE-2020-2285

2020-09-2314:15:13

Google

osv.dev

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.2%

JSON

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CPENameOperatorVersion
liquibase-runner-plugineq1.2.1
liquibase-runner-plugineq1.0.1
liquibase-runner-plugineqliquibase-runner-1.4.4
liquibase-runner-plugineq1.1.0
liquibase-runner-plugineqliquibase-runner-1.4.5
liquibase-runner-plugineqliquibase-runner-1.4.0
liquibase-runner-plugineq1.2.0
liquibase-runner-plugineqliquibase-runner-1.4.7
liquibase-runner-plugineqliquibase-runner-1.4.3
liquibase-runner-plugineqliquibase-runner-1.4.6

Name	Operator	Version
liquibase-runner-plugin	eq	1.2.1
liquibase-runner-plugin	eq	1.0.1
liquibase-runner-plugin	eq	liquibase-runner-1.4.4
liquibase-runner-plugin	eq	1.1.0
liquibase-runner-plugin	eq	liquibase-runner-1.4.5
liquibase-runner-plugin	eq	liquibase-runner-1.4.0
liquibase-runner-plugin	eq	1.2.0
liquibase-runner-plugin	eq	liquibase-runner-1.4.7
liquibase-runner-plugin	eq	liquibase-runner-1.4.3
liquibase-runner-plugin	eq	liquibase-runner-1.4.6