CVE-2018-1000147 – org.jvnet.hudson.plugins:perforce

Package

Manager: maven
Name: org.jvnet.hudson.plugins:perforce
Vulnerable Version: >=0 <=1.3.36

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0031 pctl0.53615

Details

Jenkins Perforce Plugin exposure of sensitive information vulnerability exists An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

Metadata

Created: 2022-05-14T03:23:45Z
Modified: 2024-01-09T21:03:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jrhw-r343-pjwj/GHSA-jrhw-r343-pjwj.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-jrhw-r343-pjwj
Finding: F038
Auto approve: 1