Branch: refs/heads/master
  Home:   https://github.com/jenkinsci/testlink-plugin
  Commit: f0a8f63e641dfd0efa2436582aecd907c5611860
      
https://github.com/jenkinsci/testlink-plugin/commit/f0a8f63e641dfd0efa2436582aecd907c5611860
  Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
  Date:   2022-07-27 (Wed, 27 Jul 2022)

  Changed paths:
    M src/test/java/hudson/plugins/testlink/result/ResultSeekerTestCase.java

  Log Message:
  -----------
  vuln-fix: Temporary Directory Hijacking or Information Disclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Signed-off-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10

Co-authored-by: Moderne <t...@moderne.io>


  Commit: ee4da7f277f2118fb715f5de8cd66b91077610ec
      
https://github.com/jenkinsci/testlink-plugin/commit/ee4da7f277f2118fb715f5de8cd66b91077610ec
  Author: Bruno P. Kinoshita <ki...@users.noreply.github.com>
  Date:   2022-07-28 (Thu, 28 Jul 2022)

  Changed paths:
    M src/test/java/hudson/plugins/testlink/result/ResultSeekerTestCase.java

  Log Message:
  -----------
  Merge pull request #40 from JLLeitschuh/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure

[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure Vulnerability


Compare: 
https://github.com/jenkinsci/testlink-plugin/compare/f1c891badede...ee4da7f277f2

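The weakness named in the first commit message (CWE-379), shown as an added illustration that is not code from this commit or from testlink-plugin: the create-file, delete, mkdir sequence that the cited OpenRewrite recipe targets, next to `Files.createTempDirectory`. The class name, method names and the "results" prefix are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical class and method names; the "results" prefix is a constructed sample value.
public class TempDirExample {

    // Pattern targeted by UseFilesCreateTempDirectory: reserve a name as a file,
    // release it, then re-create it as a directory.
    static File racyTempDir() throws IOException {
        File dir = File.createTempFile("results", "");
        dir.delete();
        // Between delete() and mkdir() the name is free in the shared temp directory.
        // If another local user creates it first, mkdir() returns false and, with the
        // result ignored as here, the caller works inside a directory it does not own
        // (hijacking). Checking the result closes that path, but the directory is still
        // created with umask-default permissions, often readable by other users
        // (information disclosure).
        dir.mkdir();
        return dir;
    }

    // Atomic creation; on POSIX file systems the directory is owner-only (rwx------).
    static Path ownerOnlyTempDir() throws IOException {
        return Files.createTempDirectory("results");
    }

    public static void main(String[] args) throws IOException {
        Path racy = racyTempDir().toPath();
        Path safe = ownerOnlyTempDir();
        // Permission comparison is only meaningful where POSIX attributes exist.
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("racy: " + Files.getPosixFilePermissions(racy));
            System.out.println("safe: " + Files.getPosixFilePermissions(safe));
        }
        Files.delete(racy);
        Files.delete(safe);
    }
}
```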