Hello all,
I'm in the process of an internal company application certification, one part of it is the TortoiseSVN client.
The test team got the latest official stable 1.14.1.29085-x64, they found 2 low and 1 medium "vulnerability".
I would like to kindly ask if you can have a look at them one by one (will do 3 separate posts, as suggested in the report FAQ), and if there is a possibility to adjust for this.
---
Severity: Medium
Vulnerability: Improper File and Folder Permissions
Description: The test team observed that the files and folders of the thick client application have more permissions than required. Attackers can use these excessive files and folders permissions to perform malicious activities. These excessive permissions even lead to DLL hijacking attack.
Screenshot attached
---
Thank you
Alexander