Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
Jenkins project

jenkins_liquibase_runner

3 Versions 3 CVEs

Versions

1.4.5

SEMANTIC 2 CVEs

unspecified

OTHER 3 CVEs

1.4.7

SEMANTIC 1 CVE

Recent CVEs

CVE-2020-2284

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

UNKNOWN Sep 23, 2020

CVE-2020-2285

A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.

UNKNOWN Sep 23, 2020

CVE-2020-2283

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.

UNKNOWN Sep 23, 2020