CVE-2020-2284

CWE-611XML External Entity (XXE)CWE-200Information Exposure6 documents5 sources
Severity
7.1HIGH
EPSS
0.1%
top 79.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Liquibase Runner PluginJenkins Liquibase Runner
Timeline
PublishedSep 23
Latest updateMay 24

Description

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:NExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

CVEListV5jenkins_project/jenkins_liquibase_runner_pluginunspecified1.4.5

🔴Vulnerability Details

4
OSV
XXE vulnerability in Jenkins Liquibase Runner Plugin2022-05-24
GHSA
XXE vulnerability in Jenkins Liquibase Runner Plugin2022-05-24
GHSA
Incorrect Access Control in Nacos2021-08-02
CVEList
CVE-2020-2284: Jenkins Liquibase Runner Plugin 12020-09-23

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2020-09-232020-09-23
CVE-2020-2284 (HIGH CVSS 7.1) | Jenkins Liquibase Runner Plugin 1.4 | cvebase.io