CVE-2018-1000145 – org.jvnet.hudson.plugins:perforce

Package

Manager: maven
Name: org.jvnet.hudson.plugins:perforce
Vulnerable Version: >=0 <=1.3.36

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00101 pctl0.28525

Details

Jenkins Perforce Plugin uses ineffective credentials encryption An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.

Metadata

Created: 2022-05-13T01:48:33Z
Modified: 2024-01-30T22:43:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cwxx-gwwj-pqjq/GHSA-cwxx-gwwj-pqjq.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-cwxx-gwwj-pqjq
Finding: F017
Auto approve: 1