Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

Remediation

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536

Related Vulnerabilities

CVE-2020-2194 Vulnerability in maven package io.jenkins.plugins:echarts-api

CVE-2014-3661 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2021-21162 Vulnerability in npm package electron

CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:jasper

CVE-2017-2604 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

Severity

High

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Tags

Vendor Advisory