Lucene search
Jenkins Liquibase Runner Plugin Security Vulnerabilities
cve
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the...
5.4CVSS
5.2AI Score
0.001EPSS
2020-09-23 02:15 PM
44
cve
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in...
4.3CVSS
4.4AI Score
0.001EPSS
2020-09-23 02:15 PM
37
cve
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE)...
7.1CVSS
6.8AI Score
0.001EPSS
2020-09-23 02:15 PM
37