WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-1000147 Vulnerability in maven package org.jvnet.hudson.plugins:perforce

Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536

Related Vulnerabilities

CVE-2014-3625 Vulnerability in maven package org.springframework:spring-webmvc

CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-administration

CVE-2020-14444 Vulnerability in maven package org.wso2.carbon.identity.framework:org.wso2.carbon.policyeditor.ui

CVE-2018-1999029 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

CVE-2014-7810 Vulnerability in maven package org.mortbay.jasper:apache-jsp

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory