Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536

Related Vulnerabilities

CVE-2023-32996 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp

CVE-2020-1912 Vulnerability in npm package hermes-engine

CVE-2023-30537 Vulnerability in maven package org.xwiki.platform:xwiki-platform-flamingo-theme-ui

CVE-2014-0113 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2022-26594 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.field.type

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory