Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jd3h4LWd3d2otcHFqcc4AASkY
Jenkins Perforce Plugin uses ineffective credentials encryption
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with local file system access to obtain encrypted Perforce passwords and decrypt them.
Permalink: https://github.com/advisories/GHSA-cwxx-gwwj-pqjq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jd3h4LWd3d2otcHFqcc4AASkY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 3 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-cwxx-gwwj-pqjq, CVE-2018-1000145
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000145
- https://jenkins.io/security/advisory/2018-03-26/#SECURITY-373
- https://github.com/advisories/GHSA-cwxx-gwwj-pqjq
Affected Packages
maven:org.jvnet.hudson.plugins:perforce
Dependent packages: 3
Dependent repositories: 65
Downloads:
Affected Version Ranges: <= 1.3.36
No known fixed version
All affected versions: 1.0.7, 1.0.8, 1.0.9, 1.0.13, 1.0.14, 1.0.15, 1.0.16, 1.0.17, 1.0.18, 1.0.19, 1.0.20, 1.0.21, 1.0.22, 1.0.23, 1.0.24, 1.0.25, 1.0.26, 1.0.27, 1.0.28, 1.0.29, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9, 1.1.10, 1.1.11, 1.1.12, 1.1.13