commit | e88381f96d2daf5d038290275ca7e67b5380574a | |
---|---|---|
author | Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> | Fri Nov 18 22:46:00 2022 +0000 |
committer | Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> | Fri Nov 18 22:46:00 2022 +0000 |
tree | 897e56490c73865cb632ea2d81830020406e6ff0 | |
parent | 0040aac8a3a89a0cfc4727f2802bd560803c4c8a | |
vuln-fix: Temporary File Information Disclosure

This fixes a temporary file information disclosure vulnerability due to the use of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by using the `Files.createTempFile()` method which sets the correct POSIX permissions.

Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18

Co-authored-by: Moderne <team@moderne.io>
Bundle implementing form based authentication with login and logout support. Authentication state is maintained in a Cookie or in an HTTP Session. The password is only submitted when first authenticating.
This module is part of the Apache Sling project. You can read more about this module on our documentation site.