Branch: refs/heads/master
Home: https://github.com/jenkinsci/testlink-plugin

Commit: f0a8f63e641dfd0efa2436582aecd907c5611860
https://github.com/jenkinsci/testlink-plugin/commit/f0a8f63e641dfd0efa2436582aecd907c5611860
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Date: 2022-07-27 (Wed, 27 Jul 2022)

Changed paths:
M src/test/java/hudson/plugins/testlink/result/ResultSeekerTestCase.java

Log Message:
-----------
vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10

Co-authored-by: Moderne <t...@moderne.io>

Commit: ee4da7f277f2118fb715f5de8cd66b91077610ec
https://github.com/jenkinsci/testlink-plugin/commit/ee4da7f277f2118fb715f5de8cd66b91077610ec
Author: Bruno P. Kinoshita <ki...@users.noreply.github.com>
Date: 2022-07-28 (Thu, 28 Jul 2022)

Changed paths:
M src/test/java/hudson/plugins/testlink/result/ResultSeekerTestCase.java

Log Message:
-----------
Merge pull request #40 from JLLeitschuh/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability

Compare: https://github.com/jenkinsci/testlink-plugin/compare/f1c891badede...ee4da7f277f2