Liquibase Runner Security Vulnerabilities and Issues — Liquibase Runner CVE List

Lucene search

JenkinsLiquibase Runner

4 matches found

CVE•added 2020/09/23 2:15 p.m.•64 views

CVE-2020-2283

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.

5.4CVSS5.2AI score0.00233EPSS

CVE•added 2020/09/23 2:15 p.m.•58 views

CVE-2020-2285

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

4.3CVSS4.4AI score0.00031EPSS

CVE•added 2020/09/23 2:15 p.m.•56 views

CVE-2020-2284

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

7.1CVSS6.8AI score0.00066EPSS

CVE•added 2018/04/05 1:29 p.m.•39 views

CVE-2018-1000146

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

8.8CVSS8.9AI score0.0024EPSS