CVE-2021-21331 – DataDog API Client contains a Local Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2021-21331

03 Mar 2021 — The Java client for the Datadog API before version 1.0.0-beta.9 has a local information disclosure of sensitive information downloaded via the API using the API Client. The Datadog API is executed on a unix-like system with multiple users. The API is used to download a file containing sensitive information. This sensitive information is exposed locally to other users. This vulnerability exists in the API Client for version 1 and 2. • https://github.com/DataDog/datadog-api-client-java/releases/tag/datadog-api-client-1.0.0-beta.9 • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •