1 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. • https://github.com/DataDog/datadog-api-client-java/releases/tag/datadog-api-client-1.0.0-beta.9 https://github.com/DataDog/datadog-api-client-java/security/advisories/GHSA-2cxf-6567-7pp6 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •