CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2023/05/16 9:30 p.m.•21 views

GHSA-MJMF-7WJW-F5XX Jenkins Code Dx Plugin missing permission checks

Jenkins Code Dx Plugin 3.1.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to connect to an attacker-specified URL. Additionally, these HTTP endpoints do not require POST requests, resulting in a cross-site request...

4.3CVSS5AI score0.00103EPSS

Github Security Blog•added 2023/05/16 9:30 p.m.•21 views

Jenkins Code Dx Plugin cross-site request forgery vulnerability

4.3CVSS6.8AI score0.00035EPSS

Github Security Blog•added 2023/05/16 9:30 p.m.•16 views

Jenkins Code Dx Plugin missing permission checks

4.3CVSS6.8AI score0.00103EPSS

OSV•added 2023/05/16 9:30 p.m.•23 views

GHSA-GX2J-5VC3-3794 Jenkins Code Dx Plugin cross-site request forgery vulnerability

4.3CVSS4.7AI score0.00035EPSS

NVD•added 2023/05/16 7:15 p.m.•10 views

CVE-2023-2631

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS4.5AI score0.00103EPSS

OSV•added 2023/05/16 7:15 p.m.•0 views

CVE-2023-2631

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4.3CVSS5.8AI score0.00103EPSS

OSV•added 2023/05/16 7:15 p.m.•1 views

CVE-2023-2195

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

3.5CVSS5.8AI score0.00035EPSS

NVD•added 2023/05/16 7:15 p.m.•17 views

CVE-2023-2195

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

4.3CVSS4.6AI score0.00035EPSS

Prion•added 2023/05/16 7:15 p.m.•14 views

Cross site request forgery (csrf)

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

3.5CVSS4.1AI score0.00035EPSS

Exploits0References1Affected Software1

Prion•added 2023/05/16 7:15 p.m.•13 views

Design/Logic Flaw

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

4CVSS4.5AI score0.00103EPSS

Exploits0References1Affected Software1

Github Security Blog•added 2023/05/16 6:30 p.m.•20 views

Jenkins Code Dx Plugin missing permission checks

Jenkins Code Dx Plugin 3.1.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system. Code Dx Plugin 4.0.0 requires Item/Configur...

4.3CVSS6.7AI score0.0051EPSS

OSV•added 2023/05/16 6:30 p.m.•22 views

GHSA-GPC2-F62M-C6H6 Jenkins Code Dx Plugin stores API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

4.3CVSS4.9AI score0.00246EPSS

OSV•added 2023/05/16 6:30 p.m.•16 views

GHSA-5GJQ-5339-X5CV Jenkins Code Dx Plugin missing permission checks

4.3CVSS4.7AI score0.0051EPSS

Github Security Blog•added 2023/05/16 6:30 p.m.•28 views

Jenkins Code Dx Plugin displays API keys in plain text

4.3CVSS6.8AI score0.00306EPSS