EUVD-2022-1463
Malicious code in bioql PyPI...
CVE-2025-49146 vulnerabilities
Vulnerabilities for packages: liquibase, apicurio-registry, sonarqube-10, keycloak...
Security Bulletin: Enterprise Content Manager System Monitor For March 2024 - Multiple CVE addressed
Summary Enterprise Content Manager System Monitor is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details...
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Liquibase
Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of Liquibase. Vulnerability Details CVEID:CVE-2022-0839 DESCRIPTION: Liquibase is vulnerable to XML external entity processing, caused by improper validation of user-supplied input by the...
Security Bulletin: Improper Restriction of XML External Entity Reference in liquibase prior to 4.8.0 Affects IBM Partner Engagement Manager (CVE-2022-0839)
Summary IBM Sterling Partner Engagement Manager uses Liquibase that is vulnerable to XML external entity processing, caused by improper validation of user-supplied input by the XMLChangeLogSAXParser function. A remote attacker could exploit this vulnerability to input a malicious XML reference to...
liquibase: Improper Restriction of XML External Entity
A flaw was found in Liquibase's XMLChangeLogSAXParser function. It uses SAXParser with no FEATURE_SECURE_PROCESSING set, which could possibly allow XML External Entity (XXE) attacks...
This Week in Spring - May 31st, 2022
Hi, Spring fans! And welcome to another installment of This Week in Spring! I've just returned from three wonderful weeks overseas and now, I'm pleased as punch to convey, that I'm home! And hopefully, COVID-19 free! Who knows what sort of nonsense I caught on the flight home, anyway. Some things, I...
GHSA-9HG7-XMF8-JXF9 Stored XSS vulnerability in Jenkins Liquibase Runner Plugin
Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents when showing them on the build page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide Liquibase changesets evaluated by the plugin. Liquibase Runner Plugin 1.4.7 no...
GHSA-44CM-P9Q7-RR3P Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...
Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...
GHSA-JVFV-HRRC-6Q72 Improper Restriction of XML External Entity Reference in Liquibase
The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to Improper Restriction of XML External Entity Reference...
Improper Restriction of XML External Entity Reference in Liquibase
The XMLChangeLogSAXParser function in Liquibase prior to version 4.8.0 contains an issue that may lead to Improper Restriction of XML External Entity Reference...
CVE-2022-0839
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0...
CVE-2022-0839
CVE-2022-0839 affects Liquibase in liquibase/liquibase prior to 4.8.0, due to improper validation in XMLChangeLogSAXParser() that enables XML External Entity processing. This could allow a remote attacker to disclose sensitive information or perform SSRF. The documented remediation is to upgrade ...
CVE-2022-0839 Improper Restriction of XML External Entity Reference in liquibase/liquibase
Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0...
in liquibase/liquibase
Description The XMLChangeLogSAXParser function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks. In...
CVE-2020-2283
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin...
CVE-2020-2284
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
CVE-2020-2285
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...