CVE-2023-2632— API keys stored and displayed in plain text by Code Dx Plugin
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-2632
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
API keys stored and displayed in plain text by Code Dx Plugin
Source: NVD (National Vulnerability Database)
Vulnerability Description
Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
明文存储口令
Source: NVD (National Vulnerability Database)
Vulnerability Title
Jenkins Code Dx Plugin 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Jenkins和Jenkins Plugin都是Jenkins开源的产品。Jenkins是一个应用软件。一个开源自动化服务器Jenkins提供了数百个插件来支持构建,部署和自动化任何项目。Jenkins Plugin是一个应用软件。 Jenkins Code Dx Plugin 3.1.0及之前版本存在安全漏洞,该漏洞源于将未加密的服务器API密钥存储在config.xml文件中,具有扩展读取权限或访问Jenkins控制器文件系统的用户可以在其中查看。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Jenkins | Jenkins Code Dx Plugin | 0 ~ 3.1.0 | - |
II. Public POCs for CVE-2023-2632
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-2632
请登录查看更多情报信息。
Same Patch Batch · Jenkins · 2023-05-16 · 5 CVEs total
| CVE-2023-2631 | 4.3 MEDIUM | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-2195 | 4.3 MEDIUM | CSRF vulnerability and missing permission checks in Code Dx Plugin |
| CVE-2023-2633 | 4.3 MEDIUM | API keys stored and displayed in plain text by Code Dx Plugin |
| CVE-2023-2196 | 4.3 MEDIUM | Missing permission checks in Code Dx Plugin |
IV. Related Vulnerabilities
Same product: Jenkins Code Dx Plugin
Same vendor: Jenkins
- CVE-2024-9453
Jenkins-image: sensitive data disclosure when using openshif - CVE-2023-2631
CSRF vulnerability and missing permission checks in Code Dx - CVE-2023-2195
CSRF vulnerability and missing permission checks in Code Dx - CVE-2023-2633
API keys stored and displayed in plain text by Code Dx Plugi - CVE-2023-2196
Missing permission checks in Code Dx Plugin
V. Comments for CVE-2023-2632
No comments yet