Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.jenkins-ci.plugins/codedx@4.0.0
purl pkg:maven/org.jenkins-ci.plugins/codedx@4.0.0
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-4nwv-p4wr-rka3 Jenkins Code Dx Plugin displays API keys in plain text Jenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them. CVE-2023-2633
GHSA-352v-hhmh-2w8h
VCID-5crw-ks9y-73bp Jenkins Code Dx Plugin missing permission checks A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system. CVE-2023-2196
GHSA-5gjq-5339-x5cv
VCID-6vqs-m51x-eqhp Jenkins Code Dx Plugin stores API keys in plain text Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. CVE-2023-2632
GHSA-gpc2-f62m-c6h6
VCID-e1nt-4a7s-n7gz Cross-Site Request Forgery (CSRF) A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. CVE-2023-2631
GHSA-mjmf-7wjw-f5xx
VCID-q75x-sem6-e3dn Cross-Site Request Forgery (CSRF) A cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL. CVE-2023-2195
GHSA-gx2j-5vc3-3794

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:44:49.984141+00:00 GitLab Importer Fixing VCID-4nwv-p4wr-rka3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/codedx/CVE-2023-2633.yml 38.6.0
2026-06-02T04:44:48.839022+00:00 GitLab Importer Fixing VCID-5crw-ks9y-73bp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/codedx/CVE-2023-2196.yml 38.6.0
2026-06-02T04:44:48.767048+00:00 GitLab Importer Fixing VCID-6vqs-m51x-eqhp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/codedx/CVE-2023-2632.yml 38.6.0
2026-06-02T04:44:48.605824+00:00 GitLab Importer Fixing VCID-q75x-sem6-e3dn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/codedx/CVE-2023-2195.yml 38.6.0
2026-06-02T04:44:48.401591+00:00 GitLab Importer Fixing VCID-e1nt-4a7s-n7gz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jenkins-ci.plugins/codedx/CVE-2023-2631.yml 38.6.0