Branch: refs/heads/master
Home: https://github.com/jenkinsci/repository-connector-plugin
Commit: 2dd9fb6bfc10b011d327f3b5254f3bda2f7be7d0
https://github.com/jenkinsci/repository-connector-plugin/commit/2dd9fb6bfc10b011d327f3b5254f3bda2f7be7d0
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Date: 2023-03-15 (Wed, 15 Mar 2023)

Changed paths:
M src/main/java/org/jvnet/hudson/plugins/repositoryconnector/util/FilePathUtils.java

Log Message:
-----------
vuln-fix: Temporary File Information Disclosure (#60)

This fixes temporary file information disclosure vulnerability due to the use of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by using the `Files.createTempFile()` method which sets the correct posix permissions.

Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)

Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18

Co-authored-by: Moderne <t...@moderne.io>
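
The permission difference described in the log message, as an added example that is not part of the commit or the plugin's code. The class `TempFilePermissionsDemo`, the helpers `createPrivateTempFile` and `describe`, and the `demo-*` file prefixes are hypothetical names chosen for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

// Added illustration: compares the mode bits of temp files created by each API.
public class TempFilePermissionsDemo {
    // True when the default file system exposes POSIX permissions (Linux, macOS).
    static final boolean POSIX =
            FileSystems.getDefault().supportedFileAttributeViews().contains("posix");

    // Hypothetical helper: request owner-only access explicitly where POSIX
    // attributes exist, otherwise fall back to the NIO default behaviour.
    static Path createPrivateTempFile(String prefix, String suffix) throws IOException {
        if (POSIX) {
            return Files.createTempFile(prefix, suffix,
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString("rw-------")));
        }
        return Files.createTempFile(prefix, suffix);
    }

    // Renders a file's permissions as an "rwxrwxrwx"-style string.
    static String describe(Path p) throws IOException {
        return POSIX
                ? PosixFilePermissions.toString(Files.getPosixFilePermissions(p))
                : "(file system has no POSIX permissions)";
    }

    public static void main(String[] args) throws IOException {
        // Legacy API: the resulting mode depends on the process umask.
        Path legacy = File.createTempFile("demo-legacy-", ".tmp").toPath();
        // NIO API: created with owner-only access on POSIX file systems.
        Path nio = Files.createTempFile("demo-nio-", ".tmp");
        Path explicit = createPrivateTempFile("demo-explicit-", ".tmp");
        try {
            System.out.println("File.createTempFile()   -> " + describe(legacy));
            System.out.println("Files.createTempFile()  -> " + describe(nio));
            System.out.println("createPrivateTempFile() -> " + describe(explicit));
        } finally {
            Files.deleteIfExists(legacy);
            Files.deleteIfExists(nio);
            Files.deleteIfExists(explicit);
        }
    }
}
```

Running it on a multi-user POSIX host under the service account's real umask shows whether files from the legacy call are readable by other local users in the shared temp directory.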