Branch: refs/heads/master
Home: https://github.com/jenkinsci/vectorcast-coverage-plugin

Commit: b6ceb60e592f1723f3590ef8294d3db1de98fcc5
    https://github.com/jenkinsci/vectorcast-coverage-plugin/commit/b6ceb60e592f1723f3590ef8294d3db1de98fcc5
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Date: 2022-07-27 (Wed, 27 Jul 2022)

Changed paths:
    M src/test/java/com/vectorcast/plugins/vectorcastcoverage/VectorCASTPublisherTest.java

Log Message:
-----------
vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10

Co-authored-by: Moderne <t...@moderne.io>

Commit: 4f5b7c42b547ae069c85f2facf05e53ed4ad2cd1
    https://github.com/jenkinsci/vectorcast-coverage-plugin/commit/4f5b7c42b547ae069c85f2facf05e53ed4ad2cd1
Author: JayDVector <110632228+jaydvec...@users.noreply.github.com>
Date: 2022-08-08 (Mon, 08 Aug 2022)

Changed paths:
    M src/test/java/com/vectorcast/plugins/vectorcastcoverage/VectorCASTPublisherTest.java

Log Message:
-----------
Merge pull request #8 from JLLeitschuh/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability

The vulnerable code was only in tests. No users were affected. Merging for correctness.

Compare: https://github.com/jenkinsci/vectorcast-coverage-plugin/compare/0b4f1e684e2d...4f5b7c42b547
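
The code pattern that the OpenRewrite recipe named in the first commit message (UseFilesCreateTempDirectory) rewrites, shown next to its replacement. This is an added Java example, not code from the plugin or from either commit (the notification does not include the changed test code); the class and method names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

// Hypothetical demo class; not part of vectorcast-coverage-plugin.
public class TempDirExample {

    // Pattern flagged under CWE-379: reserve a name with createTempFile,
    // delete the file, then recreate the same path as a directory.
    static File insecureTempDir(String prefix) throws IOException {
        File dir = File.createTempFile(prefix, "");
        dir.delete(); // the name is free again inside the shared temp directory
        dir.mkdir();  // result ignored, so a path created by another local user
                      // in the gap goes unnoticed; permissions follow the umask
        return dir;
    }

    // Replacement: a single call that throws if it cannot create the directory
    // itself and, on POSIX file systems, creates it with owner-only access.
    static File secureTempDir(String prefix) throws IOException {
        return Files.createTempDirectory(prefix).toFile();
    }

    // Render the directory's permissions, or a marker where POSIX
    // permissions are not available (for example on Windows).
    static String describe(File dir) throws IOException {
        Path p = dir.toPath();
        if (!p.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            return "n/a (non-POSIX file system)";
        }
        return PosixFilePermissions.toString(Files.getPosixFilePermissions(p));
    }

    public static void main(String[] args) throws IOException {
        File before = insecureTempDir("demo");
        File after = secureTempDir("demo");
        System.out.println("createTempFile/delete/mkdir: " + describe(before));
        System.out.println("Files.createTempDirectory:   " + describe(after));
        // Clean up the two empty directories created for the comparison.
        before.delete();
        after.delete();
    }
}
```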