Description
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Published: 2023-05-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-1455 Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Github GHSA Github GHSA GHSA-352v-hhmh-2w8h Jenkins Code Dx Plugin displays API keys in plain text
History

Wed, 22 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Subscriptions

Jenkins Code Dx
cve-icon MITRE

Status: PUBLISHED

Assigner: SNPS

Published:

Updated: 2025-01-22T20:34:19.745Z

Reserved: 2023-05-10T15:00:46.137Z

Link: CVE-2023-2633

cve-icon Vulnrichment

Updated: 2024-08-02T06:26:09.730Z

cve-icon NVD

Status : Modified

Published: 2023-05-16T18:15:17.453

Modified: 2024-11-21T07:58:58.287

Link: CVE-2023-2633

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses