386 matches found
MAL-2022-2351 Malicious code in datadog-datadog_agent (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6bab8731934c04ee67305ba08b6f14d770597c44c819b3c369f96e2af3a04d08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2345 Malicious code in datadog-app-example-random-dog-dog-image-widget (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b50dcc4d3984665cd138c5e4d7a07df4b4516229793751b28f80309508902d51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2350 Malicious code in datadog-app-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5c23ab02e94b66cf9d5a3d565de9ba699bdbdb31faf3eeed5b78fca3bf1ab2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2349 Malicious code in datadog-app-stream-admin (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e2bb8c835585dd549dff499a67f8ac42c774755fe17d7c7f54561aa816afca2c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2343 Malicious code in datadog-agent-github-action (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9002ec7ae8e71f521014b440d4e81aea944c0c36aca8f9cd4c01bd5e609626cb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exposure of Sensitive Information in Jenkins Datadog plugin
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
GHSA-HF7W-F4H4-9XP8 Exposure of Sensitive Information in Jenkins Datadog plugin
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser...
com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +14 more potentially affected by CVE-2015-8103 via org.jenkins-ci.main:cli (>=1.626 <=1.637)
org.jenkins-ci.main:cli MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0.18 and more Source cves: CVE-2015-8103 Source advisory: OSV:GHSA-WFW7-6632-XCV2...
com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5318 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)
org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5318 Source advisory: OSV:GHSA-3WMV-7PHP-RHG5...
com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5326 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)
org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5326 Source advisory: OSV:GHSA-5MWR-JG3R-JV66...
com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5322 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)
org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5322 Source advisory: OSV:GHSA-89VC-7FRQ-2RFJ...
com.piketec.jenkins.plugins:piketec-tpt (=6.3), io.jenkins.plugins:aws-lambda-cloud (>=0.3 <=0.4) +13 more potentially affected by CVE-2015-5323 via org.jenkins-ci.main:jenkins-core (>=1.626 <=1.637)
org.jenkins-ci.main:jenkins-core MAVEN version =1.626, =0.3, =1.2, =1.1.2, =1.626, =1.626, =1.1.0, =0.1, =0.2, =0.1, =2.4, =1.626, =1.21, =1.0.3, =1.0, =2.0.27 Source cves: CVE-2015-5323 Source advisory: OSV:GHSA-X4M5-J4X4-4WJG...
7Rapid Questions: Stephen Donnelly
At Rapid7, there's no shortage of passionate leaders looking to challenge convention and make an impact. Our "7Rapid Questions" series is a way to highlight some of the amazing work taking place behind the scenes, and the exciting growth opportunities available in our global offices. For this...
Exploit for Expression Language Injection in Apache Log4J
CVE-2021-45046-Info Oh no another one POC $ctx:apive...
The vulnerability in the implementation of the Datadog integration configuration for software platforms based on Git, which allows attackers to perform cross-site scripting attacks.
The vulnerability in the implementation of the Datadog integration configuration for software platforms based on Git, which facilitates collaborative code development on GitLab, is related to insufficient protection of the apikeysurl web page structure. Exploiting this vulnerability could allow a...
CVE-2021-22260
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...
CVE-2021-22260
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...
CVE-2021-22260
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...
Cross site scripting
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...
CVE-2021-22260
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...