Description

Static source code assessment has picked up a potential vulnerability regarding incorrect permission assignment. The probable remediation is to create the folders with minimum possible permissions.

The report from which the above information was summarized

Risk Rating: Low
Category: Security Misconfiguration

Description

A file or directory is created with dangerous permissions, either by setting these permissions explicitly or relying on unsafe default permissions.

Impact

Files with implicit or dangerous permissions may allow attackers to retrieve sensitive data from the contents of these files, tamper their contents or potentially execute them.

Remediation Recommendation

Always create files with permissions being set explicitly. Never set dangerous permissions on files. Always consider the principle of least privilege when determining who may read, write or execute a file, if these permissions are to be granted at all.

Affected files (path - line number)

weaver/sdks/corda/src/main/kotlin/org/hyperledger/cacti/weaver/sdk/corda/CredentialsExtractor.java - 151, 201

Snapshot of the sourcecode at the time of scan

Source: APP PE Hyperledger Cacti v2.0.0 - Static Application Assessment Report.odt

cc: @takeutak @izuru0 @outSH @petermetz