GHSA-5GJQ-5339-X5CV Jenkins Code Dx Plugin missing permission checks

Jenkins Code Dx Plugin 3.1.0 and earlier does not perform a permission check in a method implementing form validation. This allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system. Code Dx Plugin 4.0.0 requires Item/Configur...

Jenkins Code Dx Plugin stores API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

Jenkins Code Dx Plugin displays API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

GHSA-352V-HHMH-2W8H Jenkins Code Dx Plugin displays API keys in plain text

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller as part of its configuration. These API keys can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. Additionall...

CVE-2023-2632

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2023-2633

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVE-2023-2633

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVE-2023-2632

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

Design/Logic Flaw

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

Design/Logic Flaw

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

Design/Logic Flaw

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVE-2023-2631

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2023-2631

CVE-2023-2631 affects Jenkins Code Dx Plugin 3.1.0 and earlier. The issue is missing permission checks on several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL. Some endpoints do not require POST, enabling CSRF. Exploitation status is not ...

CVE-2023-2631 CSRF vulnerability and missing permission checks in Code Dx Plugin

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2023-2631 CSRF vulnerability and missing permission checks in Code Dx Plugin

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL...

CVE-2023-2195

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2023-2195 CSRF vulnerability and missing permission checks in Code Dx Plugin

A cross-site request forgery CSRF vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL...

CVE-2023-2195

The CVE-2023-2195 entry concerns the Jenkins Code Dx Plugin (versions 3.1.0 and earlier) with a CSRF vulnerability. Affected functionality allows attackers with read permission to connect to an attacker‑specified URL due to missing or insufficient permission checks on several HTTP endpoints, and ...