CVE-2023-2196

CWE-22 — Path Traversal CWE-400 — Uncontrolled Resource Consumption9 documents6 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 44.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jenkins Jenkins Code DX Plugin Jenkins Code DX

Timeline

PublishedMay 16

Description

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶Mavenorg.jenkins-ci.plugins:codedx< 4.0.0

▶CVEListV5jenkins/jenkins_code_dx_plugin3.1.0

▶NVDjenkins/code_dx3.1.0

🔴Vulnerability Details

GHSA

Jenkins Code Dx Plugin missing permission checks↗2023-05-16

▶

OSV

Jenkins Code Dx Plugin missing permission checks↗2023-05-16

▶

CVEList

Missing permission checks in Code Dx Plugin↗2023-05-16

▶

OSV

linux-oem-5.14, linux-oem-5.17 vulnerabilities↗2023-03-27

▶

OSV

linux-oem-6.1 vulnerabilities↗2023-03-27

▶

📋Vendor Advisories

Jenkins

Jenkins Security Advisory 2023-05-16↗2023-05-16

▶