Information Exposure in Jenkins Perforce Plugin Affects Sensitive Data Management
CVE-2018-1000147

6.5MEDIUM

Key Information:

Vendor: Perforce
Status: Perforce
Vendor: CVE Published:; 5 April 2018

What is CVE-2018-1000147?

Jenkins Perforce Plugin versions prior to 1.3.36 have a vulnerability that exposes sensitive Perforce passwords configured within jobs. Attackers with insufficient permissions can exploit this flaw, gaining unauthorized access to sensitive information kept in the PerforcePasswordEncryptor.java file. This poses a significant risk to the security of credentials within Jenkins jobs, enabling potential data breaches and unauthorized actions.

References

https://jenkins.io/security/advisory/2018-03-26/#SECURITY...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Apr 5, 2018