CVE-2020-2284
published 2020-09-23CVE-2020-2284: Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
high7.1CVSS 3.1
AVNACLPRLUINSUCHILAN
Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jenkins | email_extension_plugin | — | — |
| jenkins | implied_labels_plugin | — | — |
| jenkins | liquibase_changesets_evaluated_by_the_plugin | — | — |
| jenkins | liquibase_runner | <= 1.4.5 | — |
| jenkins | liquibase_runner_plugin | — | — |
| jenkins | lockable_resources_plugin | — | — |
| jenkins | script_security_plugin | — | — |
| jenkins | warnings_next_generation_plugin | — | — |
| jenkins | warnings_plugin | — | — |
| jenkins_project | jenkins_liquibase_runner_plugin | unspecified – 1.4.5 | — |