Moderate severity · NVD Advisory · Published May 16, 2023 · Updated Jan 22, 2025
CSRF vulnerability and missing permission checks in Code Dx Plugin
CVE-2023-2631
Description
A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jenkins-ci.plugins:codedx (Maven) | < 4.0.0 | 4.0.0 |
News mentions
- Jenkins Security Advisory 2023-05-16 (Jenkins Security Advisories, May 16, 2023)