CVE-2023-2633

CWE-256CWE-522Insufficiently Protected Credentials5 documents5 sources
Severity
4.3MEDIUM
EPSS
0.6%
top 31.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Jenkins Code DX PluginJenkins Code DX
Timeline
PublishedMay 16

Description

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

NVDjenkins/code_dx3.1.0

🔴Vulnerability Details

3
CVEList
API keys stored and displayed in plain text by Code Dx Plugin2023-05-16
OSV
Jenkins Code Dx Plugin displays API keys in plain text2023-05-16
GHSA
Jenkins Code Dx Plugin displays API keys in plain text2023-05-16

📋Vendor Advisories

1
Jenkins
Jenkins Security Advisory 2023-05-162023-05-16