Description
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373
Related Vulnerabilities
CVE-2022-45383 Vulnerability in maven package org.jenkins-ci.plugins:support-core
CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project
CVE-2022-4147 Vulnerability in maven package io.quarkus:quarkus-vertx-http
CVE-2020-2317 Vulnerability in maven package org.jvnet.hudson.plugins.findbugs:parent
CVE-2023-30541 Vulnerability in npm package @openzeppelin/contracts-upgradeable