3 matches found
CVE-2020-2283
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control changeset files evaluated by the plugin...
CVE-2020-2283
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control changeset files evaluated by the plugin...
CVE-2020-2283
The CVE-2020-2283 entry concerns Jenkins Liquibase Runner Plugin versions 1.4.5 and earlier, where changeset contents are not escaped when shown on the build page, enabling stored XSS. Exploitation requires an attacker able to provide Liquibase changesets evaluated by the plugin. Public advisorie...