CVE-2020-2283
published 2020-09-23CVE-2020-2283: Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | email_extension_plugin | — | — |
| jenkins | implied_labels_plugin | — | — |
| jenkins | liquibase_changesets_evaluated_by_the_plugin | — | — |
| jenkins | liquibase_runner | <= 1.4.5 | — |
| jenkins | liquibase_runner_plugin | — | — |
| jenkins | lockable_resources_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | warnings_next_generation_plugin | — | — |
| jenkins | warnings_plugin | — | — |
| jenkins_project | jenkins_liquibase_runner_plugin | unspecified – 1.4.5 | — |