What the vulnerability does
01Description
Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.
CVE-2023-2633
MEDIUM
CVE-2023-2633: API keys stored and displayed in plain text by Code Dx Plugin
CVSS base score
4.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Key dates
02Disclosure timeline
May 16, 2023
CVE published
January 22, 2025
Record updated
External resources
03References
Related vulnerabilities
