CVE-2023-2631

Cross-Site Request Forgery (CSRF) in maven/org.jenkins-ci.plugins/codedx

Identifiers

GHSA-mjmf-7wjw-f5xx, CVE-2023-2631

Package Slug

maven/org.jenkins-ci.plugins/codedx

Vulnerability

Cross-Site Request Forgery (CSRF)

Description

A missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.

Affected Versions

All versions before 4.0.0

Solution

Upgrade to version 4.0.0 or above.

Last Modified

2023-05-18

source