Liquibase · Liquibase Runner Plugin · CVE-2018-1000146
**Name of the Vulnerable Software and Affected Versions**
Liquibase Runner Plugin versions 1.3.0 and older
**Description**
An arbitrary code execution issue exists that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM.
**Recommendations**
For Liquibase Runner Plugin versions 1.3.0 and older, update to a version newer than 1.3.0 to resolve the issue.