Branch: refs/heads/develop
Home: https://github.com/jenkinsci/google-oauth-plugin
Commit: d17970256eed92bf1a7bfcfc959196ae3e66036f
https://github.com/jenkinsci/google-oauth-plugin/commit/d17970256eed92bf1a7bfcfc959196ae3e66036f
Author: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Date: 2023-03-21 (Tue, 21 Mar 2023)

Changed paths:
M src/test/java/com/google/jenkins/plugins/credentials/oauth/JsonServiceAccountConfigTestUtil.java
M src/test/java/com/google/jenkins/plugins/credentials/oauth/LegacyJsonServiceAccountConfigUtil.java
M src/test/java/com/google/jenkins/plugins/credentials/oauth/P12ServiceAccountConfigTestUtil.java

Log Message:
-----------
vuln-fix: Temporary Directory Hijacking or Information Disclosure (#152)

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)
Reported-by: Jonathan Leitschuh <jonathan.leitsc...@gmail.com>
Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/10

Co-authored-by: Moderne <t...@moderne.io>
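
The weakness named in the log message, shown as the temporary-directory pattern the referenced UseFilesCreateTempDirectory recipe targets beside its replacement. This is an added example, not code from the plugin or from this commit (the message carries no diff); the class and method names are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;

// Hypothetical demo class; not part of google-oauth-plugin.
public class TempDirDemo {

    // Flagged pattern: reserve a unique name as a file, delete it, then
    // recreate it as a directory. The path is unowned between delete() and
    // mkdir(), and mkdir() applies the process umask, so under a typical
    // umask the directory is readable by other local users.
    static File insecureTempDir() throws IOException {
        File dir = File.createTempFile("demo", ".d");
        if (!dir.delete() || !dir.mkdir()) {
            throw new IOException("could not create " + dir);
        }
        return dir;
    }

    // Replacement: a single call that creates the directory itself (it never
    // adopts an existing path) and, on POSIX file systems, restricts access
    // to the owner.
    static Path secureTempDir() throws IOException {
        return Files.createTempDirectory("demo");
    }

    // Renders the permissions as rwx triplets where the file system has them.
    static String describe(Path p) throws IOException {
        boolean posix = FileSystems.getDefault()
                .supportedFileAttributeViews().contains("posix");
        return posix
                ? PosixFilePermissions.toString(Files.getPosixFilePermissions(p))
                : "(no POSIX permission view on this file system)";
    }

    public static void main(String[] args) throws IOException {
        Path before = insecureTempDir().toPath();
        Path after = secureTempDir();
        try {
            System.out.println("createTempFile/delete/mkdir: " + describe(before));
            System.out.println("Files.createTempDirectory:   " + describe(after));
        } finally {
            Files.deleteIfExists(before);
            Files.deleteIfExists(after);
        }
    }
}
```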