Description
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.
Remediation
References
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373
Related Vulnerabilities
CVE-2018-1000402 Vulnerability in maven package org.jenkins-ci.plugins:codedeploy
CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle
CVE-2015-3192 Vulnerability in maven package org.springframework:spring-oxm
CVE-2016-6659 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2021-21626 Vulnerability in maven package io.jenkins.plugins:warnings-ng