14 matches found
BIT-GITLAB-2025-12697 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...
EUVD-2021-0583
Malware in sbrugna...
CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil...
CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil...
CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompil...
Gitlab -- Multiple vulnerabilities
Gitlab reports: DAST analyzer sends custom request headers with every request Stored-XSS with CSP-bypass via scoped labels' color Maintainer can leak Datadog API key by changing integration URL Uncontrolled resource consumption when parsing URLs Issue HTTP requests when users view an OpenAPI...
UBUNTU-CVE-2022-3018
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...
CVE-2022-3018
An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs...
PT-2022-20020 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.3 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.3 GitLab CE/EE versions 15.4 through 15.4.0 Description: An information disclosure issue affects GitLab CE/EE, allowing a project maintainer to access the DataDo...
Information Disclosure
datadog-api-client is vulnerable to information disclosure. The vulnerability exists through the function prepareDownloadFile creating a temporary file with the permissions bits of -rw-r--r-- and the function downloadFileFromResponse method downloading sensitive files into temporary directory...
CVE-2021-21331
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
CVE-2021-21331
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
Design/Logic Flaw
The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive...
CVE-2021-21331
The CVE affects the Java Datadog API client prior to version 1.0.0-beta.9. The issue is a local information disclosure caused by a temporary file created with insecure permissions (-rw-r--r--) in the prepareDownloadFilecreates pathway, with downloaded content via downloadFileFromResponse exposed ...