394 matches found
Malicious Package
Overview alertyplugin-datadog-event is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview datadog-proxy is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using datadog-proxy...
Malicious Package
Overview alerty-plugin-datadog-event is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Malicious Package
Overview datadogcli is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using datadogcli...
Malicious Package
Overview datadognotifications is a malicious package. Affected versions of this package were found to be a Malicious Package, as it utilised typosquatting to run Malicious 3rd party scripts. It replaced genuine packages using an and replaced it with - and vice versa Remediation Avoid using...
Circumvents open_basedir INI directive
More info at https://github.com/DataDog/dd-trace-php/releases/tag/0.30.0...
Shopify: Publicly Accessible Datadog link
During my daily scanning of shopify and shopify's internal domain Shopify.io, I landed on a personal bookmark of an employee: █████████ who works at Guru at Shopify. The link for personal bookmark is here: ███ There is a personal bookmark called ██████████. When going to the link: ████████ it...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
Cross site scripting
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
CVE-2017-1000114
CVE-2017-1000114 concerns the Jenkins/Datadog plugin where the API key used to access Datadog was stored in the global Jenkins configuration and transmitted in plain text via the configuration form, potentially exposing the key through browser extensions or XSS. Documents indicate the plugin was ...
CloudBees Jenkins Datadog Plugin Information Disclosure Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . Datadog Plugin is one ...
Datadog Forces Password Reset Following Breach
Datadog, a software-as-a service-based provider of IT infrastructure monitoring and analytics services, has forced a password reset on all of its user and admin accounts following a breach last Friday. “We have detected unauthorized activity associated with a handful of production infrastructure...