CVE-2023-2633

Published: May 16, 2023Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Affected (1)

Products: Jenkins: Code Dx

Jenkins

1 product

Code Dx

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Jenkins Code Dx	Up to 3.1.0

Related CWEs

CWE-256

Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146

Source: disclosure@synopsys.com

Vendor Advisory

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.