Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536

Related Vulnerabilities

CVE-2018-1199 Vulnerability in maven package org.springframework.security:spring-security-config

CVE-2019-16538 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2019-10428 Vulnerability in maven package org.jenkins-ci.plugins:aqua-security-scanner

CVE-2011-0533 Vulnerability in maven package org.apache.archiva:archiva-common

CVE-2023-37913 Vulnerability in maven package org.xwiki.platform:xwiki-platform-office-importer

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory