
CVE-2017-1000114: Exposure of Sensitive Information in Jenkins Datadog plugin

CVSS Score: 3.1 (CVSS version 3.0)

Basic Information

EPSS Score: 0.07702%
Published: 5/17/2022
Updated: 1/30/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.datadog.jenkins.plugins:datadog | maven | < 0.6.2 | 0.6.2 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerable function is likely related to the handling of the API key in the global configuration form of the Datadog Plugin. The exact function name is inferred based on typical practices and the information provided in the vulnerability description.


WAF Protection Rules

WAF Rule

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure o
