Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/git-client-plugin
  Commit: 107bbe0b4a574d94de7171078aabfdba1cdd86eb
      
https://github.com/jenkinsci/git-client-plugin/commit/107bbe0b4a574d94de7171078aabfdba1cdd86eb
  Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
  Date:   2022-07-27 (Wed, 27 Jul 2022)

  Changed paths:
    M src/test/java/jmh/benchmark/FolderForBenchmark.java

  Log Message:
  -----------
  vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local 
Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure 
Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite 
(https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10

Co-authored-by: Moderne <t...@moderne.io>


  Commit: 6a6566ad25ce993016e0f55404f5417e5b9a5ab9
      
https://github.com/jenkinsci/git-client-plugin/commit/6a6566ad25ce993016e0f55404f5417e5b9a5ab9
  Author: Mark Waite <mark.earl.wa...@gmail.com>
  Date:   2022-07-27 (Wed, 27 Jul 2022)

  Changed paths:
    M src/test/java/jmh/benchmark/FolderForBenchmark.java

  Log Message:
  -----------
  Merge pull request #878 from 
JLLeitschuh/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Information Disclosure Vulnerability in test


Compare: 
https://github.com/jenkinsci/git-client-plugin/compare/1d0c457c8138...6a6566ad25ce
