Jenkins Liquibase Runner
By the Year
In 2023 there have been 0 vulnerabilities in Jenkins Liquibase Runner . Liquibase Runner did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 3 | 5.60 |
2019 | 0 | 0.00 |
2018 | 1 | 8.80 |
It may take a day or so for new Liquibase Runner vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Jenkins Liquibase Runner Security Vulnerabilities
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents
CVE-2020-2283
5.4 - Medium
- September 23, 2020
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.
XSS
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2284
7.1 - High
- September 23, 2020
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
XXE
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier
CVE-2020-2285
4.3 - Medium
- September 23, 2020
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
AuthZ
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older
CVE-2018-1000146
8.8 - High
- April 05, 2018
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Jenkins Liquibase Runner or by Jenkins? Click the Watch button to subscribe.
