Description
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373
Related Vulnerabilities
CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2021-22096 Vulnerability in maven package org.springframework:spring-webflux
CVE-2019-20174 Vulnerability in npm package auth0-lock
CVE-2014-1403 Vulnerability in npm package easyxdm
CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-postgis