Check logs sprint 9.5 week 1 #3854

fec-jli · 2019-07-10T16:41:12Z

Log review needs to be completed for sprint 9.5 week 1 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

jason-upchurch · 2019-07-17T15:06:32Z

Vulnerabilities found this week
FEC-CMS: Total 4
package.json: 2 HIGH
Prototype Pollution: fecgov/fec-cms#3021
Prototype Pollution: fecgov/fec-cms#3022

requirements.txt: 1 HIGH, 1 LOW
Man-in-the-Middle (MitM) (HIGH): fecgov/fec-cms#3023
Cross-site Scripting (XSS)(django) (LOW)): fecgov/fec-cms#2944

OPENFEC: 0
package.json: 0
requirements.txt: 0
data/flyway/build.gradle: 0

FEC-EREGS: 0
package.json: 0
requirements.txt: 0

FEC-PATTERN-LIBRARY: 0
package.json: 0

Users changed this week or last:
Search logs: No new users added/removed
Cloud.gov Dashboard: 9 deployer accounts, same as last week.

fec-jli added the Security: general General security concern or issue label Jul 10, 2019

fec-jli added this to the Sprint 9.5 milestone Jul 10, 2019

patphongs assigned jason-upchurch Jul 16, 2019

jason-upchurch closed this as completed Jul 17, 2019

patphongs mentioned this issue Feb 29, 2024

Epic: Stability and reliability fecgov/fec-epics#137

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check logs sprint 9.5 week 1 #3854

Check logs sprint 9.5 week 1 #3854

fec-jli commented Jul 10, 2019

jason-upchurch commented Jul 17, 2019

Check logs sprint 9.5 week 1 #3854

Check logs sprint 9.5 week 1 #3854

Comments

fec-jli commented Jul 10, 2019

jason-upchurch commented Jul 17, 2019