Google Git
Sign in
apache / sling-org-apache-sling-settings / 1b0149fe42c2b0dda203ac2db38b2e171af3c4d2
commit1b0149fe42c2b0dda203ac2db38b2e171af3c4d2[log] [tgz]
authorJonathan Leitschuh <Jonathan.Leitschuh@gmail.com>Fri Nov 18 22:46:37 2022 +0000
committerJonathan Leitschuh <Jonathan.Leitschuh@gmail.com>Fri Nov 18 22:46:37 2022 +0000
tree54b3370ac44d03de04684df725acc254c1ccd3d2
parent15ed4445758a4a86f5541b2e752ec221f166b2d1 [diff]
vuln-fix: Temporary File Information Disclosure



This fixes temporary file information disclosure vulnerability due to the use
of the vulnerable `File.createTempFile()` method. The vulnerability is fixed by
using the `Files.createTempFile()` method which sets the correct posix permissions.

Weakness: CWE-377: Insecure Temporary File
Severity: Medium
CVSSS: 5.5
Detection: CodeQL & OpenRewrite (https://public.moderne.io/recipes/org.openrewrite.java.security.SecureTempFileCreation)

Reported-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>

Bug-tracker: https://github.com/JLLeitschuh/security-research/issues/18


Co-authored-by: Moderne <team@moderne.io>
1 file changed
tree: 54b3370ac44d03de04684df725acc254c1ccd3d2
  1. src/
  2. .gitignore
  3. bnd.bnd
  4. CODE_OF_CONDUCT.md
  5. CONTRIBUTING.md
  6. Jenkinsfile
  7. LICENSE
  8. pom.xml
  9. README.md
README.md

Apache Sling

Build Status Test Status Coverage Sonarcloud Status JavaDoc Maven Central License

Apache Sling Settings

This module is part of the Apache Sling project.

Settings support including run modes.