Check logs Sprint 12.4 week 2 #4354

fecjjeng · 2020-05-13T20:58:04Z

Check logs Sprint 12.4 week 2

Log review needs to be completed for sprint 12.4 week 2 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
Create check logs tickets for the next sprint

hcaofec · 2020-05-27T13:14:20Z

Vulnerabilities:

FEC-CMS: Total 4
package.json: 3
2 Medium: Cross-site Scripting: fecgov/fec-cms#3698
1 Medium: Prototype Pollution: fecgov/fec-cms#3740

requirements.txt: 1
1 Medium: Timing Attack in wagtail@2.7.2: fecgov/fec-cms#3777

openFEC: Total 1
package.json: 1
Medium: Prototype Pollution #4337
requirements.txt: 0

FEC-EREGS: Total 2
package.json: 2
2 Medium: Cross-site Scripting: fecgov/fec-eregs#487
requirements.txt: 0

FEC-PATTERN-LIBRARY: Total 2
package.json: 2
2 Medium: Cross-site Scripting : fecgov/fec-pattern-library#155

Cloud.gov Dashboard: 9 deployer accounts, same as last week.
Offboarding: Nothing to report

fecjjeng added this to the Sprint 12.4 milestone May 13, 2020

fecjjeng added the Security: general General security concern or issue label May 13, 2020

fecjjeng mentioned this issue May 13, 2020

Check logs Sprint 12.3 week 2 #4325

Closed

2 tasks

JonellaCulmer assigned hcaofec May 19, 2020

hcaofec closed this as completed May 27, 2020

Provide feedback