Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistJenkinsCVELIST:CVE-2023-37944
HistoryJul 12, 2023 - 3:52 p.m.

CVE-2023-37944

2023-07-1215:52:47
jenkins
www.cve.org
5
cve-2023-37944
jenkins
datadog plugin
permission check
unauthorized access
credentials capture

EPSS

0.001

Percentile

28.0%

JSON

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Datadog Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "5.4.1",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]

Related

prion 1
github 1
osv 2
veracode 1
nvd 1
cve 1
alpinelinux 1
prion
prion
Design/Logic Flaw
2023-07-12 16:15:00
github
github
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.
2023-07-12 18:30:38
osv
osv
CVE-2023-37944
2023-07-12 16:15:13
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.
2023-07-12 18:30:38
veracode
veracode
Improper Access Control
2023-07-17 10:01:50
nvd
nvd
CVE-2023-37944
2023-07-12 16:15:13
cve
cve
CVE-2023-37944
2023-07-12 16:15:13
alpinelinux
alpinelinux
CVE-2023-37944
2023-07-12 16:15:13

EPSS

0.001

Percentile

28.0%

JSON
Related for CVELIST:CVE-2023-37944
prion1github1osv2veracode1nvd1cve1alpinelinux1