CVE-2023-2631
published 2023-05-16CVE-2023-2631: A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
medium4.3CVSS 3.1
AVNACLPRLUINSUCNILAN
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| jenkins | ansible_plugin | — | — |
| jenkins | appspider_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | cas_plugin | — | — |
| jenkins | code_dx | <= 3.1.0 | — |
| jenkins | code_dx_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | email_extension_plugin | — | — |
| jenkins | file_parameter_plugin | — | — |
| jenkins | hashicorp_vault_plugin | — | — |
| jenkins | ids_in_azure_vm_agents_plugin | — | — |
| jenkins | improper_masking_of_credentials_in_hashicorp_vault_plugin | — | — |
| jenkins | jenkins_code_dx_plugin | <= 3.1.0 | — |
| jenkins | job_plugin | — | — |
| jenkins | ldap_plugin | — | — |
| jenkins | loadcomplete_support_plugin | — | — |
| jenkins | ns-nd_integration_performance_publisher_plugin | — | — |
| jenkins | pipeline_utility_steps_plugin | — | — |
| jenkins | reverse_proxy_auth_plugin | — | — |
| jenkins | sidebar_link_plugin | — | — |
| jenkins | tag_profiler_plugin | — | — |
| jenkins | testcomplete_support_plugin | — | — |
| jenkins | testng_report_files_and_displayed_on_the_plugin | — | — |
| jenkins | testng_results_plugin | — | — |