CVE-2018-1000146

EUVD-2022-2192
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
jenkinsliquibase_runner
𝑥
≤ 1.3.0
𝑥
= Vulnerable software versions
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519