Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373

Related Vulnerabilities

CVE-2008-0128 Vulnerability in maven package tomcat:catalina

CVE-2018-1306 Vulnerability in maven package org.apache.portals.pluto:portletv3annotateddemo

CVE-2022-23710 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2011-0534 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2019-10365 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory