Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373

Related Vulnerabilities

CVE-2022-41931 Vulnerability in maven package org.xwiki.platform:xwiki-platform-icon-ui

CVE-2020-16037 Vulnerability in npm package electron

CVE-2007-0185 Vulnerability in maven package dwr:dwr

CVE-2015-7536 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-22602 Vulnerability in maven package org.apache.shiro:shiro-spring-boot-starter

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory