3 matches found
CVE-2020-2284
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2020-2284
Jenkins Liquibase Runner Plugin versions ≤ 1.4.5 are affected by an XXE vulnerability caused by an XML parser not configured to prevent external entities. This could allow an attacker to supply crafted Liquibase changesets that are parsed by Jenkins to exfiltrate secrets or enable SSRF. The issue...
CVE-2020-2284
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks...