Check logs sprint 8.7 week 1 #3720

Closed
jason-upchurch opened this issue Apr 24, 2019 · 1 comment
@jason-upchurch

Log review needs to be completed for Sprint 8.7 (week 1) per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

@jason-upchurch jason-upchurch added this to the Sprint 8.7 milestone Apr 24, 2019
hcaofec commented May 1, 2019

Vulnerabilities found this week:

FEC-CMS: Total 5
package.json: 1 HIGH, 2 MEDIUM
Arbitrary File Overwrite: HIGH fecgov/fec-cms#2821
Denial of Service (DoS): MEDIUM fecgov/fec-cms#2792
Prototype Pollution: MEDIUM fecgov/fec-cms#2823

requirements.txt: 1 HIGH, 1 MEDIUM
CRLF Injection: HIGH fecgov/fec-cms#2862
Sandbox Escape: MEDIUM fecgov/fec-cms#2822

OPENFEC: Total 3
package.json: 0
requirements.txt: 1 HIGH, 1 MEDIUM
CRLF Injection: HIGH #3722
Race Condition: MEDIUM #3642
data/flyway/build.gradle: 1 HIGH
Integer Overflow: HIGH #3706

FEC-EREGS: Total 2
package.json: 1 MEDIUM
Prototype Pollution: MEDIUM fecgov/fec-eregs#439
requirements.txt: 1 MEDIUM
Race Condition: MEDIUM fecgov/fec-eregs#435

FEC-PATTERN-LIBRARY: Total 1
package.json: 1 MEDIUM
Prototype Pollution: MEDIUM fecgov/fec-pattern-library#135

Account approvals: One issue added: fecgov/fec-accounts#174

Search logs: No new users added/removed

Cloud.gov Dashboard: 9 deployer accounts, same as last week.

@hcaofec hcaofec closed this as completed May 1, 2019