Jenkins - Liquibase Runner CVE

Filtered by vendor Jenkins Subscribe

Filtered by product Liquibase Runner

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-2284	1 Jenkins	1 Liquibase Runner	2020-09-28	5.5 MEDIUM	7.1 HIGH
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2018-1000146	1 Jenkins	1 Liquibase Runner	2019-10-03	6.5 MEDIUM	8.8 HIGH
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

Vulnerabilities (CVE)