com.manydesigns:portofino-microservice-launcher is vulnerable to directory hijacking. A local authenticated attacker is able to create temporary files inside unauthorized directories through createTempDir
function of the file WarFileLauncher.java
, resulting in disclosure of sensitive information and directory hijacking.