Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373

Related Vulnerabilities

CVE-2023-27094 Vulnerability in maven package cn.hippo4j:hippo4j-all

CVE-2020-2282 Vulnerability in maven package org.jenkins-ci.plugins:implied-labels

CVE-2016-3082 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2020-2287 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail

CVE-2020-6460 Vulnerability in npm package electron

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory