Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373

Related Vulnerabilities

CVE-2020-6449 Vulnerability in maven package org.webjars.npm:electron

CVE-2010-1157 Vulnerability in maven package tomcat:catalina

CVE-2022-34193 Vulnerability in maven package org.lilicurroad.jenkins:packageversion

CVE-2021-22134 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2017-4972 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-server

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory