CVE-2023-2633: API keys stored and displayed in plain text by Code Dx Plugin
First published: Tue May 16 2023(Updated: )
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
Credit: disclosure@synopsys.com disclosure@synopsys.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <=3.1.0 | ||
| Jenkins Code Dx | <=3.1.0 | |
| maven/org.jenkins-ci.plugins:codedx | <4.0.0 | 4.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- collector/github-advisory-latest
- alias/GHSA-352v-hhmh-2w8h
- alias/CVE-2023-2633
- agent/weakness
- agent/type
- agent/references
- agent/author
- agent/softwarecombine
- agent/severity
- collector/github-advisory
- source/GitHub
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/tags
- agent/trending
- vendor/jenkins
- canonical/jenkins code dx
- version/jenkins code dx/3.1.0
- package-manager/maven