Check logs Sprint 12.4 week 1 #4353

fecjjeng · 2020-05-13T20:54:47Z

Check logs Sprint 12.4 week 1

Log review needs to be completed for sprint 12.4 week 1 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

jason-upchurch · 2020-05-20T15:56:13Z

Vulnerabilities:

FEC-CMS: Total 4
package.json: 3
2 Medium: Cross-site Scripting: fecgov/fec-cms#3698
1 Medium: Prototype Pollution: fecgov/fec-cms#3740

requirements.txt: 1
1 Medium: Timing Attack in wagtail@2.7.2: fecgov/fec-cms#3777

openFEC: Total 1
package.json: 1
Medium: Prototype Pollution #4337
requirements.txt: 0

FEC-EREGS: Total 2
package.json: 2
2 Medium: Cross-site Scripting: fecgov/fec-eregs#487
requirements.txt: 0

FEC-PATTERN-LIBRARY: Total 2
package.json: 2
2 Medium: Cross-site Scripting : fecgov/fec-pattern-library#155

Account approvals:

check cloud.gov users: Cloud.gov Dashboard: 9 deployer accounts, same as last week.
Offboarding: Nothing to report

fecjjeng added this to the Sprint 12.4 milestone May 13, 2020

fecjjeng added the Security: general General security concern or issue label May 13, 2020

fecjjeng mentioned this issue May 13, 2020

Check logs Sprint 12.3 week 2 #4325

Closed

2 tasks

JonellaCulmer assigned jason-upchurch May 19, 2020

jason-upchurch closed this as completed May 20, 2020

Provide feedback