GHSA-jrhw-r343-pjwj

Suggest an improvement
Source
https://github.com/advisories/GHSA-jrhw-r343-pjwj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jrhw-r343-pjwj/GHSA-jrhw-r343-pjwj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jrhw-r343-pjwj
Aliases
  • CVE-2018-1000147
Published
2022-05-14T03:23:45Z
Modified
2024-02-16T07:45:14.075123Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
Details

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

References

Affected packages

Maven / org.jvnet.hudson.plugins:perforce

Package

Name
org.jvnet.hudson.plugins:perforce
View open source insights on deps.dev
Purl
pkg:maven/org.jvnet.hudson.plugins/perforce

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.3.36

Affected versions

1.*

1.0.7
1.0.8
1.0.9
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.1.10
1.1.11
1.1.12
1.1.13
1.1.14
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.15
1.3.16
1.3.17
1.3.18
1.3.19
1.3.20
1.3.21
1.3.22
1.3.23
1.3.24
1.3.25
1.3.26
1.3.27
1.3.29
1.3.31
1.3.33
1.3.34
1.3.35
1.3.36