Liquibase Runner Plugin

Source repositories

CVE	Vendor / Product	CVSS	Published	Description
CVE-2020-2284	Jenkins Project Liquibase Runner Plugin	—	Sep 23, 2020	Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2285	Jenkins Project Liquibase Runner Plugin	—	Sep 23, 2020	A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2283	Jenkins Project Liquibase Runner Plugin	—	Sep 23, 2020	Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.

CVE-2020-2284Sep 23, 2020
Jenkins Project
Liquibase Runner Plugin
risk 0.00cvss —epss 0.00
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2285Sep 23, 2020
Jenkins Project
Liquibase Runner Plugin
risk 0.00cvss —epss 0.00
A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2020-2283Sep 23, 2020
Jenkins Project
Liquibase Runner Plugin
risk 0.00cvss —epss 0.00
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.