Description

Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.

Remediation

References

https://www.jenkins.io/security/advisory/2023-05-16/#SECURITY-3146

Related Vulnerabilities

CVE-2017-5662 Vulnerability in maven package org.apache.xmlgraphics:batik-rasterizer

CVE-2011-1077 Vulnerability in maven package org.apache.archiva:archiva

CVE-2013-4390 Vulnerability in maven package org.apache.sling:org.apache.sling.auth.core

CVE-2023-45827 Vulnerability in npm package @clickbar/dot-diver

CVE-2022-36902 Vulnerability in maven package com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter

Severity

Medium

Classification

CWE-522 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Vendor Advisory