Information Exposure in Jenkins Perforce Plugin Affects Sensitive Data Management
CVE-2018-1000147

6.5MEDIUM

Key Information:

Vendor: Perforce
Status: Perforce
Vendor: CVE Published:; 5 April 2018

What is CVE-2018-1000147?

Jenkins Perforce Plugin versions prior to 1.3.36 have a vulnerability that exposes sensitive Perforce passwords configured within jobs. Attackers with insufficient permissions can exploit this flaw, gaining unauthorized access to sensitive information kept in the PerforcePasswordEncryptor.java file. This poses a significant risk to the security of credentials within Jenkins jobs, enabling potential data breaches and unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 5, 2018

JSON

Perforce

What is CVE-2018-1000147?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.