CVE-2018-1000147
MEDIUMJenkins Perforce Plugin <1.3.36 - Info Disclosure
Title source: llmDescription
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://jenkins.io/security/advisory/2018-03-26/#SECURITY-536
Scores
CVSS v3
6.5
EPSS
0.0086
EPSS Percentile
54.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
org.jvnet.hudson.plugins/perforce
0Maven
perforce/perforce
< 1.3.36
Published
Apr 05, 2018
Tracked Since
Feb 18, 2026