CVE-2023-2632

MEDIUM

Jenkins Code Dx Plugin <3.1.0 - Info Disclosure

Title source: llm

Description

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

References (1)

Scores

CVSS v3 4.3
EPSS 0.0040
EPSS Percentile 60.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE
CWE-522 CWE-256
Status published

Affected Products (2)

jenkins/code_dx < 3.1.0
org.jenkins-ci.plugins/codedx < 4.0.0Maven

Timeline

Published May 16, 2023
Tracked Since Feb 18, 2026