Vulnerabilities for Liquibase runner (...) - CXSECURITY.COM

Vulnerabilities for 'Liquibase runner'

2020-09-23

CVE-2020-2285

CWE-862

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

CVE-2020-2284

CWE-611

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2283

CWE-79

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.

2018-04-05

CVE-2018-1000146

CWE-noinfo

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

>>> Vendor: Jenkins 480 Products

Active directory

Pluggable authentication module

Build failure analyzer

Vrealize orchestrator

Openstack cloud

Image gallery plugin

Extra columns plugin

Script security

Github branch source

Config file provider

Owasp dependency-check

Pipeline-input-step

Deploy to container

Static analysis utilities

Periodic backup

Role-based authorization strategy

Parameterized trigger

Favorite plugin

Translation assistance

Pipeline nodes and processes

Delivery pipeline

Build-publisher

Dependency graph viewer

Global-build-stats

Credentials binding

Pipeline supporting apis

Google-play-android-publisher

Promoted builds

Job and node ownership

Cucumber living documentation

Github pull request builder

Reverse proxy auth

Liquibase runner

See all Products for Vendor Jenkins

Copyright 2024, cxsecurity.com