Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BULK PR] Tracking: Temporary Directory Hijacking #10

Open
JLLeitschuh opened this issue Jul 27, 2022 · 3 comments
Open

[BULK PR] Tracking: Temporary Directory Hijacking #10

JLLeitschuh opened this issue Jul 27, 2022 · 3 comments

Comments

@JLLeitschuh
Copy link
Owner

No description provided.

JLLeitschuh added a commit to JLLeitschuh/jenkinsci__backend-jpi-create that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
a65bf67 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/nativelibs4java__BridJ that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
c539f97 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/andyglick__jenesis4java that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
b6f5633 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/aesanch2__salesforce-migration-assistant that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
0972980 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/sanity__tahrir that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
68c851e 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jenkinsci__google-oauth-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
1e76b2b 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/broadinstitute__picard that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
a4bf364 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/zeroturnaround__zt-zip that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
9f36ac0 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jenkinsci__scm-sync-configuration-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
cc0c5b4 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/salesforce__ImageOptimization that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
f8fe4b1 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Jul 27, 2022
Merged
JLLeitschuh added a commit to JLLeitschuh/ohoeltke__hockeyapp-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
ab7ea60 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jenkinsci__acceptance-test-harness that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
17680b7 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jenkinsci__jacoco-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
769bbb3 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jboss__jboss-common-core that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
d3a300a 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/Appverse__appverse-builder-api that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
ed37067 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Jul 27, 2022
Closed
JLLeitschuh added a commit to JLLeitschuh/jboss__jboss-common-core that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
bae751c 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Jul 27, 2022
Closed
JLLeitschuh added a commit to JLLeitschuh/smacke__jaydio that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
c5d09fc 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/FirePub__jenkinsci-mber-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
f346a74 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Jul 27, 2022
Closed
JLLeitschuh added a commit to JLLeitschuh/jboss__jboss-common-core that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
42d5c5b 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/jaltekruse__OpenNotebook that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
0d3b204 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/tamingtext__book that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
90a6714 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/FirePub__jenkinsci-mber-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
58d6f84 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/Appverse__appverse-builder-api that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
4279e6d 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to JLLeitschuh/ohoeltke__hockeyapp-plugin that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
1dfecdd 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Jul 27, 2022
Closed
JLLeitschuh added a commit to JLLeitschuh/koraktor__mavanagaiata that referenced this issue Jul 27, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
bf9fb4d 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sonatype__plexus-archiver that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
42f1910 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Oct 4, 2022
Open
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/tamingtext__book that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
c535f20 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/sonatype__plexus-archiver that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
0250033 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/tamingtext__book that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
965a2d8 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/RelonZhu__Spring-Relon that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
edbb878 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/vaadin__wscdn-client that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
ab9340f 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/tomp2p__TomP2P that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
c5347d4 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Oct 4, 2022
Open
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/wildfly__wildfly-core that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
47d889c 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/wmaintw__DependencyCheck that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
3aa672a 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/wmaintw__DependencyCheck that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
5b9563c 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/wso2__carbon-platform-integration that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
ef15e33 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
This was referenced Oct 4, 2022
Open
Closed
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/vaadin__wscdn-client that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
3985db6 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Oct 4, 2022
Open
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/webanno__webanno that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
6911b1b 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/winder__Universal-G-Code-Sender that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
ec9ba26 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Oct 4, 2022
Merged
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/wso2__wso2-axiom that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
bbaa5b6 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/winder__Universal-G-Code-Sender that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
56af5f8 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
@JLLeitschuh JLLeitschuh mentioned this issue Oct 4, 2022
Merged
JLLeitschuh added a commit to BulkSecurityGeneratorProjectV2/yegor256__qulice that referenced this issue Oct 4, 2022
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
d4e8ce3 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
This was referenced Oct 4, 2022
Open
Open
gserdyuk pushed a commit to gserdyuk/database-astr that referenced this issue Feb 8, 2023
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure
c7b3250 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10


Co-authored-by: Moderne <[email protected]>
slachiewicz pushed a commit to apache/maven-scm-publish-plugin that referenced this issue Mar 4, 2023
@JLLeitschuh @slachiewicz
[MSCMPUB-56] vuln-fix: Temporary Directory Hijacking or Information D…
973eb14 
…isclosure

This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Signed-off-by: Jonathan Leitschuh <[email protected]>

Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>

Closes #7
olamy pushed a commit to jenkinsci/google-oauth-plugin that referenced this issue Mar 21, 2023
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure (#152)
d179702 
This fixes either Temporary Directory Hijacking, or Temporary Directory Local Information Disclosure.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>


Bug-tracker: JLLeitschuh/security-research#10

Co-authored-by: Moderne <[email protected]>
tumbarumba pushed a commit to hamcrest/JavaHamcrest that referenced this issue Jul 20, 2024
@JLLeitschuh @TeamModerne
vuln-fix: Temporary Directory Hijacking or Information Disclosure (#389)
7e9fc30 
Simplify the creation of temp dir in FileMatchersTest

This was originally identified as a security vulnerability (see details below), but inspection of the code showed that the vulnerability was not actually present in the code, as the original code does check the return code of `directory.delete()` and `directory.mkdirs()`. The PR was accepted because the change actually is an improvement to the code anyway.

Weakness: CWE-379: Creation of Temporary File in Directory with Insecure Permissions
Severity: High
CVSSS: 7.3
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.UseFilesCreateTempDirectory)

Reported-by: Jonathan Leitschuh <[email protected]>
Bug-tracker: JLLeitschuh/security-research#10
Co-authored-by: Moderne <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@JLLeitschuh @aytey