Miggo Logo
Miggo Vulnerability Database
CVE-2017-1000114

CVE-2017-1000114:
Exposure of Sensitive Information in Jenkins Datadog plugin

3.1

CVSS Score
3.0

Basic Information

CVE ID
CVE-2017-1000114
GHSA ID
GHSA-hf7w-f4h4-9xp8
EPSS Score
0.07702%
CWE
CWE-200
Published
5/17/2022
Updated
1/30/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.datadog.jenkins.plugins:datadogmaven< 0.6.20.6.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerable function is likely related to the handling of the API key in the global configuration form of the Datadog Plugin. The exact function name is inferred based on typical practices and the information provided in the vulnerability description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** **t**o* Plu*in stor*s *n *PI k*y to ****ss t** **t**o* s*rvi** in t** *lo**l J*nkins *on*i*ur*tion. W*il* t** *PI k*y is stor** *n*rypt** on *isk, it w*s tr*nsmitt** in pl*in t*xt *s p*rt o* t** *on*i*ur*tion *orm. T*is *oul* r*sult in *xposur* o

Reasoning

T** vuln*r**l* `*un*tion` is lik*ly r*l*t** to t** **n*lin* o* t** *PI k*y in t** *lo**l `*on*i*ur*tion` *orm o* t** `**t**o* Plu*in`. T** *x**t `*un*tion` n*m* is in**rr** **s** on typi**l pr**ti**s *n* t** in*orm*tion provi*** in t** vuln*r**ility