github / securitylab

Resources related to GitHub Security Lab
https://securitylab.github.com
MIT License

[JAVA] CWE-706: Use of Incorrectly-Resolved Name or Reference & CWE-201: Exposure of Sensitive Information Through Sent Data #136

Open intrigus-lgtm opened 4 years ago

intrigus-lgtm commented 4 years ago

CVE ID(s)

List the CVE ID(s) associated with this vulnerability. GitHub will automatically link CVE IDs to the GitHub Advisory Database.

Report

Paths that can be influenced by users (= Directory traversal) where the content of the path is returned to the user or where user data is written to. "Arbitrary read and write" Query: https://github.com/github/codeql/pull/3794

Result(s)

Provide at least one useful result found by your query, on some revision of a real project.
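The submission above describes the pattern the query targets: a file path influenced by the user whose contents are then returned or written to. As an added illustration (not code from the submission, the CodeQL PR or any project it reports on), the Java below shows the vulnerable shape beside a hardened one. The base directory `/srv/app/uploads`, the method names and the sample inputs are all constructed for this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class PathResolutionExample {
    // Constructed storage root for the example; a real service would use its configured value.
    private static final Path BASE_DIR =
            Paths.get("/srv/app/uploads").toAbsolutePath().normalize();

    // Vulnerable shape: the user-controlled name is joined to the root and the file is read back,
    // so "../" segments or an absolute path escape the intended directory (CWE-22 / CWE-706).
    static byte[] readVulnerable(String userSuppliedName) throws IOException {
        Path p = Paths.get("/srv/app/uploads", userSuppliedName);
        return Files.readAllBytes(p);
    }

    // Hardened shape: resolve against the root, normalize away ".." segments, and confirm the
    // result still lies under BASE_DIR before any file-system access happens.
    static Path resolveUnderBase(String userSuppliedName) {
        Path candidate = BASE_DIR.resolve(userSuppliedName).normalize();
        // Path.startsWith compares whole name elements, so "/srv/app/uploads2" does not pass.
        if (!candidate.startsWith(BASE_DIR)) {
            throw new IllegalArgumentException(
                    "rejected path outside base directory: " + userSuppliedName);
        }
        return candidate;
    }

    // Both the read (CWE-201 exposure) and the write sink go through the same check.
    static byte[] readHardened(String userSuppliedName) throws IOException {
        return Files.readAllBytes(resolveUnderBase(userSuppliedName));
    }

    static void writeHardened(String userSuppliedName, byte[] data) throws IOException {
        Files.write(resolveUnderBase(userSuppliedName), data);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign name and three traversal attempts.
        String[] samples = { "report.txt", "../../etc/passwd", "sub/../../secret", "/etc/passwd" };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveUnderBase(s));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " -> " + e.getMessage());
            }
        }
    }
}
```

Only `report.txt` resolves to a path under the root; the other three are rejected before any I/O. If the storage root may contain symbolic links, perform the same containment check on `toRealPath()` of an existing file as well, since `normalize()` operates on the string form only.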

kevinbackhouse commented 3 years ago

Hi @intrigus-lgtm. It looks like this one hasn't made any progress since last year. Is it ok if I drop it from our bounty pipeline for now? You can resubmit it when it's ready.

ghsecuritylab commented 3 years ago

Your submission is now in status Closed.

For information, the evaluation workflow is the following: CodeQL initial assessment > SecLab review > CodeQL review > SecLab finalize > Pay > Closed

intrigus-lgtm commented 5 months ago

@kevinbackhouse can you please reopen this? I've found two CVEs with this query: CVE-2020-15097 CVE-2020-4039 I've improved the query and just have to push the new version later today.

kevinbackhouse commented 5 months ago

Hi @intrigus-lgtm. I'm very sorry, but the bounty program has been sunset: https://github.com/github/securitylab/discussions/828. So, unfortunately, it is now too late for us to reopen this submission. I know you've been one of our top contributors, so I want to thank you for everything that you've done to help improve the CodeQL query suite.

intrigus-lgtm commented 5 months ago

@kevinbackhouse I don't want to be too pedantic, but when I wrote the comment it was still the 24th of June somewhere on earth.

I actually don't have too much of a problem with my "All-for-one" submission being closed iff you still consider my "Bug-slayer" submission valid. This is an updated version of the query from the PR that finds those two CVEs perfectly. As far as I remember "you" (sec lab) would still consider rejected (i.e. unmerged) "All-for-one" submission on a case-by-case basis for "Bug-Slayer" submissions:

kevinbackhouse commented 5 months ago

Hi @intrigus-lgtm. I'm sorry, but your submissions were still incomplete when our deadline expired on 2024-06-24. Unfortunately, you had not yet pushed the new version of the query and most of the details were still missing from #839. We want to be fair to all of our bounty participants, which means that we have to follow the rules that we wrote.