CVE-2023-2633

Summary

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Affected Software

VendorProductVersion RangeStatus
JenkinsJenkins Code Dx Plugin0 <= 3.1.0affected

Weaknesses

  • CWE-256: CWE-256: Plaintext Storage of a Password

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References