CVE-2018-1000147: Exposure of Sensitive Information to an Unauthorized Actor

May 14, 2022 (updated January 9, 2024)

An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers with insufficient permission to obtain Perforce passwords configured in jobs to obtain them

References

github.com/advisories/GHSA-jrhw-r343-pjwj
jenkins.io/security/advisory/2018-03-26/
nvd.nist.gov/vuln/detail/CVE-2018-1000147

Code Behaviors & Features

Detect and mitigate CVE-2018-1000147 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →