Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs sprint 8.6 week 1 #3691

Closed
rjayasekera opened this issue Apr 11, 2019 · 2 comments
Closed

Check logs sprint 8.6 week 1 #3691

rjayasekera opened this issue Apr 11, 2019 · 2 comments
Assignees
@fecjjeng
Milestone
Sprint 8.6

Comments

@rjayasekera
Copy link
Contributor

Log review needs to be completed for Sprint 8.5 (week 1) per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
@rjayasekera rjayasekera added this to the Sprint 8.6 milestone Apr 11, 2019
@fecjjeng
Copy link
Contributor

fecjjeng commented Apr 17, 2019
edited
Loading

Vulnerabilities found this week:

OPENFEC: Total 3

package.json: 0

requirements.txt: 1 MEDIUM

  1. Race Condition : [Med] Snyk: Race Condition (due 5/20/19) #3642

flyway:2 HIGH

  1. Man-in-the-Middle (MitM) : [High] fecgov/openFEC:data/flyway/build.gradle - need a fix by Apr. 28, 2019 #3654
  2. Integer Overflow: [High] Snyk: Integer Overflow (due 5/17/19) #3706

FEC-EREGS: Total 2

package.json: 1 MEDIUM

  1. Prototype Pollution :[Med] Snyk: Prototype Pollution (due 6/10/19) fec-eregs#439

requirements.txt: 1 MEDIUM

  1. Race Condition: [Med] Snyk: Race Condition (due 5/20/19) fec-eregs#435

FEC-PATTERN-LIBRARY: Total 1

package.json: 1 MEDIUM

  1. Prototype Pollution [Med] Snyk: Prototype Pollution (due 6/10/19) fec-pattern-library#135

FEC-CMS: Total 4
package.json: 1 HIGH, 2 MEDIUM

  1. Arbitrary File Overwrite : HIGH [HIGH] Arbitrary File Overwrite -- need a fix by May 10, 2019 fec-cms#2821
  2. Denial of Service (DoS) : MEDIUM [Med] Snyk: Denial of Service (DoS) (due 6/2/19) fec-cms#2792
  3. Prototype Pollution: MEDIUM [Med] Snyk: Prototype Pollution (due 6/10/19) fec-cms#2823

requirements.txt: Total 1

  1. Sandbox Escape: [Med] Snyk: Sandbox Escape (due 6/10/19) fec-cms#2822

Account approvals: NONE this week.

Search logs: No new users added/removed

Cloud.gov Dashboard: 9 deployer accounts, same as last week.

@fecjjeng
Copy link
Contributor

complete and close the ticket.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fecjjeng fecjjeng

Labels
None yet
Projects
None yet
Milestone
Sprint 8.6
Development

No branches or pull requests
3 participants
@pkfec @rjayasekera @fecjjeng