Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Code Security Finding: Trust Boundary Violation (CWE-501, Medium Severity) in DefaultLoginServlet.java:97 #95

Open
2 tasks
joshn-whitesource-app bot opened this issue Feb 15, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

Comments

@joshn-whitesource-app
Copy link
Contributor

joshn-whitesource-app bot commented Feb 15, 2024

Code Security Finding

This finding was first detected on 2023-12-06 01:34pm GMT and is still present in the last scan performed on 2024-02-15 10:26pm GMT:

SeverityVulnerability TypeCWEFileData Flows
MediumTrust Boundary Violation

CWE-501

DefaultLoginServlet.java:97

1
Vulnerable Code

} else if (authUser(userid, password)) {
/* Reset account lock count */
resetAccountLock(userid);
session.setAttribute("authNMsg", "authenticated");
session.setAttribute("userid", userid);

1 Data Flow/s detected
🏴 Suppress Finding
  • ... as False Alarm
  • ... as Acceptable Risk
@joshn-whitesource-app joshn-whitesource-app bot added the Mend: code security findings Code security findings detected by Mend label Feb 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Mend: code security findings Code security findings detected by Mend
Projects
None yet
Development

No branches or pull requests

0 participants