Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-2192

Malicious code in bioql PyPI...

8.8CVSS8.8AI score0.01577EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 3:56 p.m.7 views

CVE-2020-2285

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS6.4AI score0.00691EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 a.m.6 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS8.1AI score0.01577EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.7 views

SUSE CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS9.2AI score0.01577EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.23 views

Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs

Liquibase Runner Plugin 1.4.7 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using another...

4.3CVSS4.9AI score0.00691EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/24 5:29 p.m.23 views

GHSA-XX7G-F287-F9FQ XXE vulnerability in Jenkins Liquibase Runner Plugin

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...

7.1CVSS6.8AI score0.00877EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.21 views

Stored XSS vulnerability in Jenkins Liquibase Runner Plugin

Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents when showing them on the build page. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers able to provide Liquibase changesets evaluated by the plugin. Liquibase Runner Plugin 1.4.7 no...

5.4CVSS4.9AI score0.00735EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/24 5:29 p.m.26 views

XXE vulnerability in Jenkins Liquibase Runner Plugin

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers able to provide Liquibase changesets evaluated by the plugin to have Jenkins parse a crafted XML file that uses external entities for extraction of...

7.1CVSS6.6AI score0.00877EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/13 1:48 a.m.19 views

GHSA-3HVC-XWJP-XR8M Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS8.9AI score0.01577EPSS
Exploits0References6
NVD
NVD
added 2020/09/23 2:15 p.m.25 views

CVE-2020-2285

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4.3CVSS0.00691EPSS
Exploits0References2
OSV
OSV
added 2020/09/23 2:15 p.m.15 views

CVE-2020-2283

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control changeset files evaluated by the plugin...

5.4CVSS5.5AI score
Exploits0References2
Prion
Prion
added 2020/09/23 2:15 p.m.15 views

Information disclosure

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins...

4CVSS4.4AI score0.00691EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/23 1:10 p.m.72 views

CVE-2020-2284

Jenkins Liquibase Runner Plugin versions ≤ 1.4.5 are affected by an XXE vulnerability caused by an XML parser not configured to prevent external entities. This could allow an attacker to supply crafted Liquibase changesets that are parsed by Jenkins to exfiltrate secrets or enable SSRF. The issue...

7.1CVSS6.8AI score0.00877EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/23 1:10 p.m.75 views

CVE-2020-2285

The CVE concerns Jenkins Liquibase Runner Plugin (versions ≤ 1.4.7). A missing permission check in the plugin’s HTTP endpoint allows attackers with Overall/Read permission to enumerate credentials IDs stored in Jenkins. This credential enumeration is the primary impact described, and attackers co...

4.3CVSS4.4AI score0.00691EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/23 1:10 p.m.23 views

CVE-2020-2283

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting XSS vulnerability exploitable by users able to control changeset files evaluated by the plugin...

5.3AI score0.00735EPSS
Exploits0References2
CVE
CVE
added 2020/09/23 1:10 p.m.82 views

CVE-2020-2283

The CVE-2020-2283 entry concerns Jenkins Liquibase Runner Plugin versions 1.4.5 and earlier, where changeset contents are not escaped when shown on the build page, enabling stored XSS. Exploitation requires an attacker able to provide Liquibase changesets evaluated by the plugin. Public advisorie...

5.4CVSS5.2AI score0.00735EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/23 12:0 a.m.7 views

PT-2020-15515 · Jenkins · Jenkins Liquibase Runner Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.7 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. This can be done...

4.3CVSS4.3AI score0.00691EPSS
Exploits0References7
Prion
Prion
added 2018/04/05 1:29 p.m.12 views

Remote code execution

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

6.5CVSS8.8AI score0.01577EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/04/05 1:29 p.m.18 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS8.9AI score0.01577EPSS
Exploits0References1
OSV
OSV
added 2018/04/05 1:29 p.m.4 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM...

8.8CVSS6.4AI score0.01577EPSS
Exploits0References1
Rows per page
Query Builder