
63 matches found

Vulnrichment
added 2023/05/16 5:56 p.m., 7 views

CVE-2023-2633 API keys stored and displayed in plain text by Code Dx Plugin

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3, AI score 4.7, EPSS 0.00306
Exploits: 0, References: 1

CVE
added 2023/05/16 5:56 p.m., 62 views

CVE-2023-2633

Summary: Jenkins Code Dx Plugin versions 3.1.0 and earlier store/display Code Dx server API keys in plain text in configuration artifacts and on the job configuration form, enabling observers with access to Jenkins config or file system to view keys. The root cause is unmasked, unencrypted storag...

CVSS 4.3, AI score 4.6, EPSS 0.00306
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/05/16 5:56 p.m., 18 views

CVE-2023-2633 API keys stored and displayed in plain text by Code Dx Plugin

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3, AI score 5, EPSS 0.00306
Exploits: 0, References: 1

AlpineLinux
added 2023/05/16 5:56 p.m., 18 views

CVE-2023-2633

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them...

CVSS 4.3, AI score 7.1, EPSS 0.00306
Exploits: 0, References: 1

Cvelist
added 2023/05/16 5:54 p.m., 12 views

CVE-2023-2632 API keys stored and displayed in plain text by Code Dx Plugin

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 4.9, EPSS 0.00246
Exploits: 0, References: 1

AlpineLinux
added 2023/05/16 5:54 p.m., 20 views

CVE-2023-2632

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 6.9, EPSS 0.00246
Exploits: 0, References: 1

CVE
added 2023/05/16 5:54 p.m., 59 views

CVE-2023-2632

CVE-2023-2632 affects the Jenkins Code Dx Plugin (3.1.0 and earlier). The vulnerability arises from unencrypted Code Dx server API keys stored in job config.xml on the Jenkins controller, which can be read by users with Item/Extended Read permission or with controller access. This leads to inform...

CVSS 4.3, AI score 4.5, EPSS 0.00246
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2023/05/16 5:54 p.m., 7 views

CVE-2023-2632 API keys stored and displayed in plain text by Code Dx Plugin

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVSS 4.3, AI score 7.1, EPSS 0.00246
Exploits: 0, References: 1

Vulnrichment
added 2023/05/16 5:46 p.m., 6 views

CVE-2023-2196 Missing permission checks in Code Dx Plugin

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3, AI score 4.6, EPSS 0.0051
Exploits: 0, References: 1

AlpineLinux
added 2023/05/16 5:46 p.m., 17 views

CVE-2023-2196

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system...

CVSS 4.3, AI score 6.9, EPSS 0.0051
Exploits: 0, References: 1

CVE
added 2023/05/16 5:46 p.m., 51 views

CVE-2023-2196

CVE-2023-2196: Jenkins Code Dx Plugin

CVSS 4.3, AI score 4.5, EPSS 0.0051
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2023/05/16 12:00 a.m., 1 view

Jenkins Code Dx Plugin cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3, AI score 5, EPSS 0.00035
Exploits: 0, References: 4

CNNVD
added 2023/05/16 12:00 a.m., 1 view

Jenkins Code Dx Plugin cross-site request forgery vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3, AI score 5.2, EPSS 0.00103
Exploits: 0, References: 4

CNNVD
added 2023/05/16 12:00 a.m., 4 views

Jenkins Code Dx Plugin security vulnerability

Jenkins and Jenkins Plugin are both open source Jenkins products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 4.3, AI score 5.2, EPSS 0.00306
Exploits: 0, References: 4

Positive Technologies
added 2023/05/16 12:00 a.m., 4 views

PT-2023-20615 · Jenkins · Credentials Plugin +2

Name of the Vulnerable Software and Affected Versions: Jenkins Code Dx Plugin versions 3.1.0 and earlier
Description: The issue concerns the storage and display of Code Dx server API keys. In affected versions, these keys are stored unencrypted in job config.xml files on the Jenkins controller an...

CVSS 4.3, AI score 4.4, EPSS 0.00306
Exploits: 0, References: 5

Positive Technologies
added 2023/05/16 12:00 a.m., 2 views

PT-2023-18356 · Jenkins · Jenkins Code Dx Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Code Dx Plugin versions 3.1.0 and earlier
Description: A missing permission check in the plugin allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system. This iss...

CVSS 4.3, AI score 4.4, EPSS 0.0051
Exploits: 0, References: 4

OSV
added 2023/04/27 6:15 p.m., 1 view

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVSS 9.8, AI score 7.3, EPSS 0.00408
Exploits: 0, References: 1

NVD
added 2023/04/27 6:15 p.m., 10 views

CVE-2023-2158

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

CVSS 9.8, AI score 9.6, EPSS 0.00408
Exploits: 0, References: 1

CVE
added 2023/04/27 5:04 p.m., 40 views

CVE-2023-2158

The CVE-2023-2158 entry describes a vulnerability in Synopsys Code Dx where versions prior to 2023.4.2 are susceptible to a user impersonation attack. The underlying issue is the use of a hard-coded cipher when generating the Remember Me token, enabling a malicious actor to impe...

CVSS 9.8, AI score 9.7, EPSS 0.00408
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2023/04/27 5:04 p.m., 9 views

CVE-2023-2158 Impersonation through User-Controlled Token

Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A...

AI score 9.8, EPSS 0.00408
Exploits: 0, References: 1