Lucene search
Veracode Vulnerability DatabaseVERACODE:40723HistoryMay 30, 2023 - 7:35 a.m.
Information Disclosure
2023-05-3007:35:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
codedx
information disclosure
server api keys
job configuration
unencrypted
attacker access
0.0005 Low
EPSS
Percentile
17.5%
Codedx is vulnerable to Information Disclosure. The vulnerability exists because the server API keys are stored in job config.xml without encrypting which allows an attacker to gain read access on the controller file system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| code dx plugin | le | 3.1.0 | |
| code dx plugin | le | 3.1.0 |
Related
alpinelinux
alpinelinux
CVE-2023-2632
2023-05-16 18:15:17
cve
cve
CVE-2023-2632
2023-05-16 18:15:17
nvd
nvd
CVE-2023-2632
2023-05-16 18:15:17
cvelist
cvelist
CVE-2023-2632 API keys stored and displayed in plain text by Code Dx Plugin
2023-05-16 17:54:11
github
github
Jenkins Code Dx Plugin stores API keys in plain text
2023-05-16 18:30:16
prion
prion
Design/Logic Flaw
2023-05-16 18:15:00
osv
osv
Jenkins Code Dx Plugin stores API keys in plain text
2023-05-16 18:30:16
