Description
An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-519
Related Vulnerabilities
CVE-2021-20327 Vulnerability in npm package mongodb-client-encryption
CVE-2018-1261 Vulnerability in maven package org.springframework.integration:spring-integration-zip
CVE-2015-8315 Vulnerability in maven package org.webjars.npm:ms
CVE-2019-1003031 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project
CVE-2023-36470 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-script