pkg:maven/org.jenkins-ci.plugins/liquibase-runner
Type
maven
Namespace
org.jenkins-ci.plugins
Name
liquibase-runner
Known advisories, vulnerabilities and fixes for org.jenkins-ci.plugins/liquibase-runner package.
High
5
Moderate
2
Medium
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | <= 1.4.5 |
CVE-2020-2283
|
JENKINS:SECURITY-1885 | Stored XSS vulnerability in `liquibase-runner` | high |
2020-09-23T00:00:00
(4 years ago) |
|
Fixed | = 1.4.7 |
CVE-2020-2283
|
JENKINS:SECURITY-1885 | Stored XSS vulnerability in `liquibase-runner` | high |
2020-09-23T00:00:00
(4 years ago) |
|
Affected | <= 1.4.5 |
CVE-2020-2284
|
JENKINS:SECURITY-1887 | XXE vulnerability in `liquibase-runner` | high |
2020-09-23T00:00:00
(4 years ago) |
|
Fixed | = 1.4.7 |
CVE-2020-2284
|
JENKINS:SECURITY-1887 | XXE vulnerability in `liquibase-runner` | high |
2020-09-23T00:00:00
(4 years ago) |
|
Affected | <= 1.4.7 |
CVE-2020-2285
|
JENKINS:SECURITY-2030 | Missing permission check in `liquibase-runner` allows enumerating credentials IDs | medium |
2020-09-23T00:00:00
(4 years ago) |
|
Fixed | = 1.4.8 |
CVE-2020-2285
|
JENKINS:SECURITY-2030 | Missing permission check in `liquibase-runner` allows enumerating credentials IDs | medium |
2020-09-23T00:00:00
(4 years ago) |
|
Affected | <= 1.3.0 |
CVE-2018-1000146
|
JENKINS:SECURITY-519 | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | high |
2018-03-26T00:00:00
(6 years ago) |
|
Affected | < 1.4.3 |
CVE-2018-1000146
|
MAVEN:GHSA-3HVC-XWJP-XR8M | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | high |
2022-05-13T01:48:33
(2 years ago) |
|
Fixed | = 1.4.3 |
CVE-2018-1000146
|
MAVEN:GHSA-3HVC-XWJP-XR8M | Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM | high |
2022-05-13T01:48:33
(2 years ago) |
|
Affected | <= 1.4.7 |
CVE-2020-2285
|
MAVEN:GHSA-44CM-P9Q7-RR3P | Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs | moderate |
2022-05-24T17:29:16
(2 years ago) |
|
Fixed | = 1.4.8 |
CVE-2020-2285
|
MAVEN:GHSA-44CM-P9Q7-RR3P | Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs | moderate |
2022-05-24T17:29:16
(2 years ago) |
|
Affected | <= 1.4.5 |
CVE-2020-2283
|
MAVEN:GHSA-9HG7-XMF8-JXF9 | Stored XSS vulnerability in Jenkins Liquibase Runner Plugin | moderate |
2022-05-24T17:29:16
(2 years ago) |
|
Fixed | = 1.4.6 |
CVE-2020-2283
|
MAVEN:GHSA-9HG7-XMF8-JXF9 | Stored XSS vulnerability in Jenkins Liquibase Runner Plugin | moderate |
2022-05-24T17:29:16
(2 years ago) |
|
Affected | <= 1.4.5 |
CVE-2020-2284
|
MAVEN:GHSA-XX7G-F287-F9FQ | XXE vulnerability in Jenkins Liquibase Runner Plugin | high |
2022-05-24T17:29:16
(2 years ago) |
|
Fixed | = 1.4.7 |
CVE-2020-2284
|
MAVEN:GHSA-XX7G-F287-F9FQ | XXE vulnerability in Jenkins Liquibase Runner Plugin | high |
2022-05-24T17:29:16
(2 years ago) |