CVSS Score
The vulnerability stemmed from two related weaknesses. First, classloader creation (Util.createClassLoader) accepted user-controlled paths, so a job configuration could point the plugin at arbitrary jars or class directories and have them loaded into the Jenkins process. Second, the driver classname was taken from job configuration (via PropertiesAssembler), so an attacker could name any class reachable from that classloader and have its static initializer run when the class was loaded. Commit 1817af0 refactors classloader creation to reject workspace-relative paths, and commit 382a1ea removes driver classname customization; together they close both attack vectors. CVE-2018-1000146, rated high severity, maps directly to these insecure class loading mechanisms.
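The following is an added illustration of the two weaknesses described above and one way to close them; it is hypothetical code written for this page, not the plugin's own code. The method names, the driver directory, the driver allowlist and the sample configuration values are all assumptions. It shows why a user-supplied classpath entry plus a user-supplied class name amounts to code execution (a build step can write a jar into the workspace, and `Class.forName` with `initialize=true` runs that class's static initializer), and how a fixed root with an escape check and a fixed set of driver names removes both levers.

```java
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/**
 * Hypothetical illustration of the two weaknesses behind CVE-2018-1000146
 * and one way to close them. Not the plugin's code; method names, the
 * driver directory and the driver allowlist are assumptions.
 */
public class DriverLoadingExample {

    /* ---- Vulnerable pattern: job configuration decides what gets loaded ---- */

    /** Every configured path, workspace-relative or absolute, becomes a class source. */
    static ClassLoader vulnerableCreateClassLoader(List<String> configuredPaths)
            throws MalformedURLException {
        List<URL> urls = new ArrayList<>();
        for (String p : configuredPaths) {
            // A previous build step can drop evil.jar into the workspace,
            // so "workspace-relative" here means "attacker-writable".
            urls.add(new File(p).toURI().toURL());
        }
        return new URLClassLoader(urls.toArray(new URL[0]),
                DriverLoadingExample.class.getClassLoader());
    }

    /** Class.forName with initialize=true runs the named class's static initializer. */
    static Class<?> vulnerableLoadDriver(String driverClassName, ClassLoader loader)
            throws ClassNotFoundException {
        return Class.forName(driverClassName, true, loader);
    }

    /* ---- Hardened pattern: fixed root, escape check, fixed driver set ---- */

    // Assumed location that only a Jenkins administrator can write to.
    static final Path DRIVER_DIR =
            Paths.get("/var/lib/jenkins/plugins/liquibase-runner/drivers").toAbsolutePath().normalize();

    // Assumed allowlist; the actual fix (commit 382a1ea) removed the setting entirely.
    static final Set<String> KNOWN_DRIVERS =
            Set.of("org.h2.Driver", "org.postgresql.Driver", "com.mysql.cj.jdbc.Driver");

    /** Resolves a configured entry under DRIVER_DIR and rejects anything that escapes it. */
    static Path resolveInsideDriverDir(String configured) {
        // resolve() returns an absolute argument unchanged, so "/tmp/evil.jar"
        // and "../../workspace/evil.jar" both fail the startsWith check below.
        Path candidate = DRIVER_DIR.resolve(configured).normalize();
        if (!candidate.startsWith(DRIVER_DIR)) {
            throw new IllegalArgumentException("classpath entry escapes driver directory: " + configured);
        }
        return candidate;
    }

    static ClassLoader hardenedCreateClassLoader(List<String> configuredEntries)
            throws MalformedURLException {
        List<URL> urls = new ArrayList<>();
        for (String entry : configuredEntries) {
            urls.add(resolveInsideDriverDir(entry).toUri().toURL());
        }
        return new URLClassLoader(urls.toArray(new URL[0]),
                DriverLoadingExample.class.getClassLoader());
    }

    /** Only a known driver class may be named, so no arbitrary static initializer runs. */
    static Class<?> hardenedLoadDriver(String driverClassName, ClassLoader loader)
            throws ClassNotFoundException {
        if (!KNOWN_DRIVERS.contains(driverClassName)) {
            throw new IllegalArgumentException("driver class not permitted: " + driverClassName);
        }
        return Class.forName(driverClassName, true, loader);
    }

    public static void main(String[] args) throws Exception {
        // Constructed job-configuration values an attacker could supply.
        String[] hostile = {"../../workspace/evil.jar", "/tmp/evil.jar"};
        for (String entry : hostile) {
            try {
                resolveInsideDriverDir(entry);
                System.out.println("ACCEPTED (bug): " + entry);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        System.out.println("accepted: " + resolveInsideDriverDir("postgresql-42.2.jar"));

        ClassLoader loader = hardenedCreateClassLoader(List.of("postgresql-42.2.jar"));
        try {
            hardenedLoadDriver("com.example.Evil", loader);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The path check only helps if `DRIVER_DIR` is not writable by build steps; a root inside the workspace would be pointless because the workspace is exactly what an earlier build step controls. Likewise, an allowlist of driver names is only safe while every listed class comes from an administrator-controlled jar; removing the setting altogether, as the cited fix did, avoids having to maintain that list.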
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.jenkins-ci.plugins:liquibase-runner | maven | < 1.4.3 | 1.4.3 |