Jenkins Liquibase Runner

Do you want an email whenever new security vulnerabilities are reported in Jenkins Liquibase Runner?

By the Year

In 2023 there have been 0 vulnerabilities in Jenkins Liquibase Runner . Liquibase Runner did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2023	0	0.00
2022	0	0.00
2021	0	0.00
2020	3	5.60
2019	0	0.00
2018	1	8.80

It may take a day or so for new Liquibase Runner vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Jenkins Liquibase Runner Security Vulnerabilities

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents

CVE-2020-2283 5.4 - Medium - September 23, 2020

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.

XSS

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2284 7.1 - High - September 23, 2020

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

XXE

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier

CVE-2020-2285 4.3 - Medium - September 23, 2020

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

AuthZ

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older

CVE-2018-1000146 8.8 - High - April 05, 2018

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Jenkins Liquibase Runner or by Jenkins? Click the Watch button to subscribe.

Jenkins
Vendor

Jenkins Liquibase Runner
Product

By the Year

Recent Jenkins Liquibase Runner Security Vulnerabilities

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents CVE-2020-2283 5.4 - Medium - September 23, 2020

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. CVE-2020-2284 7.1 - High - September 23, 2020

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier CVE-2020-2285 4.3 - Medium - September 23, 2020

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older CVE-2018-1000146 8.8 - High - April 05, 2018