Branch: refs/heads/master
Home: https://github.com/jenkinsci/cocoemma-plugin
Commit: 252cfd691601ebda9919a33a67b4d6919538336a
https://github.com/jenkinsci/cocoemma-plugin/commit/252cfd691601ebda9919a33a67b4d6919538336a
Author: Jonathan Leitschuh <[email protected]>
Date: 2022-07-27 (Wed, 27 Jul 2022)
Changed paths:
M src/test/java/hudson/plugins/cocoemma/CocoEmmaPublisherTest.java
Log Message:
-----------
vuln-fix: Temporary Directory Hijacking or Information Disclosure
This fixes either Temporary Directory Hijacking, or Temporary Directory Local
Information Disclosure.
Weakness: CWE-379: Creation of Temporary File in Directory with Insecure
Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite
(https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)
Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10
Co-authored-by: Moderne <[email protected]>
Commit: d1e3d4d1a6449068b7580a94850ce01ee0f4d84d
https://github.com/jenkinsci/cocoemma-plugin/commit/d1e3d4d1a6449068b7580a94850ce01ee0f4d84d
Author: Jakub <[email protected]>
Date: 2023-01-05 (Thu, 05 Jan 2023)
Changed paths:
M src/test/java/hudson/plugins/cocoemma/CocoEmmaPublisherTest.java
Log Message:
-----------
Merge pull request #35 from
JLLeitschuh/fix/JLL/temporary_directory_hijacking_or_temporary_directory_information_disclosure
[SECURITY] Fix Temporary Directory Hijacking or Information Disclosure
Vulnerability
Compare:
https://github.com/jenkinsci/cocoemma-plugin/compare/da5ca802769a...d1e3d4d1a644
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/cocoemma-plugin/push/refs/heads/master/da5ca8-d1e3d4%40github.com.
