CVE-2018-1000146

5 documents5 sources
Severity
8.8HIGH
EPSS
0.2%
top 54.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Jenkins Liquibase Runner
Timeline
PublishedApr 5
Latest updateMay 13

Description

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

🔴Vulnerability Details

3
GHSA
Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM2022-05-13
OSV
Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM2022-05-13
CVEList
CVE-2018-1000146: An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 12018-04-05

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2018-03-262018-03-26
CVE-2018-1000146 (HIGH CVSS 8.8) | An arbitrary code execution vulnera | cvebase.io