CVE-2020-2283

Summary

Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.

Affected Software

VendorProductVersion RangeStatus
Jenkins projectJenkins Liquibase Runner Pluginunspecified <= 1.4.5affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

References