Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/vectorcast-coverage-plugin
  Commit: b6ceb60e592f1723f3590ef8294d3db1de98fcc5
      
https://github.com/jenkinsci/vectorcast-coverage-plugin/commit/b6ceb60e592f1723f3590ef8294d3db1de98fcc5
  Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
  Date:   2022-07-27 (Wed, 27 Jul 2022)

  Changed paths:
    M src/test/java/com/vectorcast/plugins/vectorcastcoverage/VectorCASTPublisherTest.java

  Log Message:
  -----------
  vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local 
Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10

Co-authored-by: Moderne <t...@moderne.io>


  Commit: 4f5b7c42b547ae069c85f2facf05e53ed4ad2cd1
      
https://github.com/jenkinsci/vectorcast-coverage-plugin/commit/4f5b7c42b547ae069c85f2facf05e53ed4ad2cd1
  Author: JayDVector <110632228+jaydvec...@users.noreply.github.com>
  Date:   2022-08-08 (Mon, 08 Aug 2022)

  Changed paths:
    M src/test/java/com/vectorcast/plugins/vectorcastcoverage/VectorCASTPublisherTest.java

  Log Message:
  -----------
  Merge pull request #8 from JLLeitschuh/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability

The vulnerable code was only in tests. No users were affected. Merging for 
correctness.


Compare: 
https://github.com/jenkinsci/vectorcast-coverage-plugin/compare/0b4f1e684e2d...4f5b7c42b547
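
For reference, the general code pattern that the `UseFilesCreateTempDirectory` recipe named in the first commit targets, next to its replacement. This is an added example, not code from the plugin or from either commit; the class name, method names and the `vcast-test` prefix are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

public class TempDirExample {

    // Flagged pattern: reserve a unique name as a file, delete it, then
    // recreate the same path as a directory in the shared temp location.
    static File insecureTempDir() throws IOException {
        File dir = File.createTempFile("vcast-test", ".tmp");
        dir.delete();
        // Between delete() and mkdir() another local user can create this
        // path first. With the result of mkdir() ignored, the caller then
        // works inside a directory it does not own (hijacking). Checking the
        // result closes that race, but the directory is still created with
        // umask-default permissions, typically readable by other local
        // users (information disclosure).
        dir.mkdir();
        return dir;
    }

    // Replacement: a single call creates the directory; on POSIX file
    // systems it is created owner-only (rwx------).
    static File secureTempDir() throws IOException {
        return Files.createTempDirectory("vcast-test").toFile();
    }

    // Render the directory's permission bits so the two variants can be compared.
    static String describe(Path p) throws IOException {
        try {
            return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
        } catch (UnsupportedOperationException e) {
            return "(non-POSIX file system)";
        }
    }

    public static void main(String[] args) throws IOException {
        for (File dir : new File[] { insecureTempDir(), secureTempDir() }) {
            System.out.println(dir + "  " + describe(dir.toPath()));
            Files.delete(dir.toPath()); // clean up the sample directory
        }
    }
}
```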
