Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373

Related Vulnerabilities

CVE-2022-45383 Vulnerability in maven package org.jenkins-ci.plugins:support-core

CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project

CVE-2022-4147 Vulnerability in maven package io.quarkus:quarkus-vertx-http

CVE-2020-2317 Vulnerability in maven package org.jvnet.hudson.plugins.findbugs:parent

CVE-2023-30541 Vulnerability in npm package @openzeppelin/contracts-upgradeable

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory