Skip to content
This repository has been archived by the owner on Jul 10, 2024. It is now read-only.

[SECURITY] Fix Temporary File Information Disclosure Vulnerability #88

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Commits on Nov 19, 2022

  1. vuln-fix: Temporary File Information Disclosure

    This fixes temporary file information disclosure vulnerability due to the use
    of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by
    using the `Files.createTempFile()` method which sets the correct posix permissions.
    
    Weakness: CWE-377: Insecure Temporary File
    Severity: Medium
    CVSSS: 5.5
    Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)
    
    Reported-by: Jonathan Leitschuh <[email protected]>
    Signed-off-by: Jonathan Leitschuh <[email protected]>
    
    Bug-tracker: JLLeitschuh/security-research#18
    
    
    Co-authored-by: Moderne <[email protected]>
    JLLeitschuh and TeamModerne committed Nov 19, 2022
    Configuration menu
    Copy the full SHA
    d867ec2 View commit details
    Browse the repository at this point in the history