5 matches found
CVE-2023-2633
Summary: Jenkins Code Dx Plugin versions 3.1.0 and earlier store/display Code Dx server API keys in plain text in configuration artifacts and on the job configuration form, enabling observers with access to Jenkins config or file system to view keys. The root cause is unmasked, unencrypted storag...
CVE-2023-2632
CVE-2023-2632 affects the Jenkins Code Dx Plugin (3.1.0 and earlier). The vulnerability arises from unencrypted Code Dx server API keys stored in job config.xml on the Jenkins controller, which can be read by users with Item/Extended Read permission or with controller access. This leads to inform...
CVE-2023-2631
CVE-2023-2631 affects Jenkins Code Dx Plugin 3.1.0 and earlier. The issue is missing permission checks on several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL. Some endpoints do not require POST, enabling CSRF. Exploitation status is not ...
CVE-2023-2196
CVE-2023-2196: Jenkins Code Dx Plugin
CVE-2023-2195
The CVE-2023-2195 entry concerns the Jenkins Code Dx Plugin (versions 3.1.0 and earlier) with a CSRF vulnerability. Affected functionality allows attackers with read permission to connect to an attacker-specified URL due to missing or insufficient permission checks on several HTTP endpoints, and ...