Arbitrary Code Execution Vulnerability in Liquibase Runner Plugin 1.3.0 and Older

Arbitrary Code Execution Vulnerability in Liquibase Runner Plugin 1.3.0 and Older

CVE-2018-1000146 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.

Learn more about our Web Application Penetration Testing UK.