3.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-1000114

GHSA ID

GHSA-hf7w-f4h4-9xp8

EPSS Score

0.07702%

CWE

CWE-200

Published

5/17/2022

Updated

1/30/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-1000114

CVE-2017-1000114: Exposure of Sensitive Information in Jenkins Datadog plugin

The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.

(GitHub Advisory)

3.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-1000114

GHSA ID

GHSA-hf7w-f4h4-9xp8

EPSS Score

0.07702%

CWE

CWE-200

Published

5/17/2022

Updated

1/30/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.datadog.jenkins.plugins:datadog	maven	< 0.6.2	0.6.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerable function is likely related to the handling of the API key in the global configuration form of the Datadog Plugin. The exact function name is inferred based on typical practices and the information provided in the vulnerability description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** **t**o* Plu*in stor*s *n *PI k*y to ****ss t** **t**o* s*rvi** in t** *lo**l J*nkins *on*i*ur*tion. W*il* t** *PI k*y is stor** *n*rypt** on *isk, it w*s tr*nsmitt** in pl*in t*xt *s p*rt o* t** *on*i*ur*tion *orm. T*is *oul* r*sult in *xposur* o

Reasoning

T** vuln*r**l* `*un*tion` is lik*ly r*l*t** to t** **n*lin* o* t** *PI k*y in t** *lo**l `*on*i*ur*tion` *orm o* t** `**t**o* Plu*in`. T** *x**t `*un*tion` n*m* is in**rr** **s** on typi**l pr**ti**s *n* t** in*orm*tion provi*** in t** vuln*r**ility

3.1

Basic Information

Concerned about an active attack path?

CVE-2017-1000114: Exposure of Sensitive Information in Jenkins Datadog plugin

3.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI