Jenkins perforce plugin is vulnerable to sensitive information leakage. It does not properly secure the credentials because PerforcePasswordEncryptor.java
. uses DES and an encryption key stored in its public source code, allowing unauthorized users to get the Perforce passwords configured in jobs.
CPE | Name | Operator | Version |
---|---|---|---|
perforce plugin | le | 1.3.23-h-1 | |
perforce plugin | le | 1.1.14 |