Skip to main content

Liquibase Runner

4 CVEs product

Monthly

CVE-2020-2285 Maven MEDIUM PATCH This Month

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Liquibase Runner
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2020-2284 Maven HIGH PATCH This Week

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Liquibase Runner
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2020-2283 Maven MEDIUM PATCH This Month

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Liquibase Runner
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-1000146 Maven HIGH PATCH This Week

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Liquibase Runner
NVD
CVSS 3.0
8.8
EPSS
1.6%
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Liquibase Runner
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Liquibase Runner
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Liquibase Runner
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins RCE Liquibase Runner
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy