CVE-2023-2195: A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.

low3.5CVSS 3.1

AVNACLPRLUIRSUCNILAN

A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.

Affected

24 ranges

Vendor	Product	Version range	Fixed in
jenkins	ansible_plugin	—	—
jenkins	appspider_plugin	—	—
jenkins	azure_vm_agents_plugin	—	—
jenkins	cas_plugin	—	—
jenkins	code_dx	<= 3.1.0	—
jenkins	code_dx_plugin	—	—
jenkins	credentials_plugin	—	—
jenkins	email_extension_plugin	—	—
jenkins	file_parameter_plugin	—	—
jenkins	hashicorp_vault_plugin	—	—
jenkins	ids_in_azure_vm_agents_plugin	—	—
jenkins	improper_masking_of_credentials_in_hashicorp_vault_plugin	—	—
jenkins	jenkins_code_dx_plugin	<= 3.1.0	—
jenkins	job_plugin	—	—
jenkins	ldap_plugin	—	—
jenkins	loadcomplete_support_plugin	—	—
jenkins	ns-nd_integration_performance_publisher_plugin	—	—
jenkins	pipeline_utility_steps_plugin	—	—
jenkins	reverse_proxy_auth_plugin	—	—
jenkins	sidebar_link_plugin	—	—
jenkins	tag_profiler_plugin	—	—
jenkins	testcomplete_support_plugin	—	—
jenkins	testng_report_files_and_displayed_on_the_plugin	—	—
jenkins	testng_results_plugin	—	—