CVE-2018-1000147

MEDIUM

Jenkins Perforce Plugin <1.3.36 - Info Disclosure

Title source: llm
STIX 2.1

Description

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

References (1)

Core 1
Core References

Scores

CVSS v3 6.5
EPSS 0.0086
EPSS Percentile 54.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
org.jvnet.hudson.plugins/perforce 0Maven
perforce/perforce < 1.3.36
Published Apr 05, 2018
Tracked Since Feb 18, 2026