An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
References
Link | Resource |
---|---|
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519 | Vendor Advisory |
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519 | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:39
Type | Values Removed | Values Added |
---|---|---|
References | () https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519 - Vendor Advisory |
Information
Published : 2018-04-05 13:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000146
Mitre link : CVE-2018-1000146
CVE.ORG link : CVE-2018-1000146
JSON object : View
Products Affected
jenkins
- liquibase_runner
CWE