Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure download using wget command #3342

Closed
steelhead31 opened this issue Jan 15, 2024 · 1 comment · Fixed by adoptium/jenkins-helper#58 or #3363
Closed

Insecure download using wget command #3342

steelhead31 opened this issue Jan 15, 2024 · 1 comment · Fixed by adoptium/jenkins-helper#58 or #3363
Assignees
@steelhead31
Labels
ansible security
Milestone
2024-02 (February)

Comments

@steelhead31
Copy link
Contributor

Found as part of TrailOfBits Audit:

Ref: TOB-TEMURIN-9

The wget command is used to download data over a network. The target codebases use
wget in an insecure manner in a number of locations. This includes using unencrypted
channels such as HTTP and disabling certificate validation when performing the download.

See ToB report for further details.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@steelhead31 steelhead31

Labels
ansible security
Projects
2024 1Q Adoptium Plan
Status: Done
Milestone
2024-02 (February)
2 participants
@sxa @steelhead31