Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536

Related Vulnerabilities

CVE-2022-36890 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework

CVE-2020-36732 Vulnerability in npm package crypto-js

CVE-2018-3258 Vulnerability in maven package mysql:mysql-connector-java

CVE-2022-22984 Vulnerability in npm package snyk-python-plugin

CVE-2022-39250 Vulnerability in npm package matrix-js-sdk

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory