GHSA-3hvc-xwjp-xr8m
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3hvc-xwjp-xr8m
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3hvc-xwjp-xr8m/GHSA-3hvc-xwjp-xr8m.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3hvc-xwjp-xr8m
- Aliases
-
- CVE-2018-1000146
- Published
- 2022-05-13T01:48:33Z
- Modified
- 2024-12-02T05:44:05.229738Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM
- Details
-
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
- Database specific
{ "nvd_published_at": "2018-04-05T13:29:00Z", "cwe_ids": [], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-12-15T15:25:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000146
- https://github.com/jenkinsci/liquibase-runner-plugin/commit/1817af0b5bb17e690d89c0a1623de8bd47f8c1a1
- https://github.com/jenkinsci/liquibase-runner-plugin/commit/382a1ea84910db28a88089306b24d1e80818f0a5
- https://github.com/jenkinsci/liquibase-runner-plugin/commit/7726ce4569a287e32fbda6f01ad2846ada909436
- https://github.com/jenkinsci/liquibase-runner-plugin
- https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519
Affected packages
Maven / org.jenkins-ci.plugins:liquibase-runner
Package
- Name
- org.jenkins-ci.plugins:liquibase-runner
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jenkins-ci.plugins/liquibase-runner