4 matches found
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the job configuration form does not mask API keys, which allows an attacker to observe and capture the key information...
Information Disclosure
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the server API keys are stored in job config.xml without encryption, which allows an attacker to gain read access on the controller file system...
Cross-Site Request Forgery (CSRF)
Codedx is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists because several permission checks are not performed at HTTP endpoints, which allows an attacker with read permission to connect to a specific URL...
Information Disclosure
org.jenkins-ci.plugins:codedx is vulnerable to Information Disclosure. A remote authenticated attacker with item/read permissions is able to gain access to sensitive user information, such as the existence of an attacker-specified file path on an agent file system...