What the vulnerability does
01Description
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.
CVE-2023-2196
MEDIUM
CVE-2023-2196: Missing permission checks in Code Dx Plugin
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
May 16, 2023
CVE published
January 22, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2020-16245
CVE-2014-10066
CVE-2021-32803 Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
CVE-2024-1165 Brizy – Page Builder <= 2.4.39 - Authenticated (Contributor+) Directory Traversal
CVE-2024-5154 Cri-o: malicious container can create symlink on host
