CVE-2018-1000146 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1000146 Interim 1 6 2025-02-17T02:27:34Z current 2021-05-30T14:20:28Z 2025-02-17T02:27:34Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1000146 An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings An arbitrary code execution vulnerability exists in Liquibase Runner Plugin version 1.3.0 and older that allows an attacker with permission to configure jobs to load and execute arbitrary code on the Jenkins master JVM. CVE-2018-1000146 moderate 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H