CVE-2023-37944

Name of the Vulnerable Software and Affected Versions Jenkins Datadog Plugin versions 5.4.1 and earlier

Description A missing permission check in the Jenkins Datadog Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. The issue is related to an HTTP endpoint that does not perform a permission check, enabling attackers to exploit this vulnerability.

Recommendations For Jenkins Datadog Plugin versions 5.4.1 and earlier, update to version 5.4.2 or later, which requires Overall/Administer permission to access the affected HTTP endpoint, thereby mitigating the risk of exploitation.