PT-2020-15512 · Jenkins · Jenkins Liquibase Runner Plugin

Daniel Beck · Published 2020-09-23 · Updated 2023-11-02 · CVE-2020-2283

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Jenkins Liquibase Runner Plugin versions 1.4.5 and earlier

Description: The plugin does not escape changeset contents when showing them on the build page, which results in a stored cross-site scripting (XSS) vulnerability. Attackers who can provide Liquibase changesets that the plugin evaluates can exploit this vulnerability.

Recommendations: For versions 1.4.5 and earlier, consider disabling the evaluation of changesets by the plugin until a fix is available. Restrict access to the build page to minimize the risk of exploitation.

Fix

XSS

Related Identifiers

CVE-2020-2283
GHSA-9HG7-XMF8-JXF9

Affected Products

Jenkins
Jenkins Liquibase Runner Plugin