Hello all, I'm in the process of an internal company application certification, one part of it is the TortoiseSVN client. The test team got the latest official stable 1.14.1.29085-x64, they found 2 low and 1 medium "vulnerability". I would like to kindly ask if you can have a look at them one by one (will do 3 separate posts, as suggested in the report FAQ), and if there is a possibility to adjust for this.
--- Severity: Medium Vulnerability: Improper File and Folder Permissions Description: The test team observed that the files and folders of the thick client application have more permissions than required. Attackers can use these excessive files and folders permissions to perform malicious activities. These excessive permissions even lead to DLL hijacking attack. Screenshot attached --- Thank you Alexander [image: TortoiseSVN-improperfileandfolderpermissions.png] -- You received this message because you are subscribed to the Google Groups "TortoiseSVN" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/tortoisesvn/133d5f8f-c56b-4ce5-8a77-36778b836551n%40googlegroups.com.
