CVE-2018-1000146 - CERT CVE

  1. CVE-2018-1000146

ID CVE-2018-1000146
Sažetak An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
Reference
CVSS
Base: 6.5
Impact: 6.4
Exploitability:8.0
Pristup
VektorSloženostAutentikacija
NETWORK LOW SINGLE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:L/Au:S/C:P/I:P/A:P
Zadnje važnije ažuriranje 03-10-2019 - 00:03
Objavljeno 05-04-2018 - 13:29