Check logs sprint 6.4 (Maj. Don West) week 1 #3266

rjayasekera · 2018-07-06T18:22:58Z

Log review needs to be completed for Maj. Don West (Sprint 6.4) week 1 per the Security Event Review Checklist

lbeaufort · 2018-07-12T20:39:33Z

FEC-CMS: 5 total
package.json - 1 High, 1 Medium
Regular Expression Denial of Service (ReDoS) [HIGH] fecgov/fec-cms#2163
Regular Expression Denial of Service (DoS) [MED] fecgov/fec-cms#1953

requirements.txt - 1 High, 2 Medium
Arbitrary Code Execution [HIGH] fecgov/fec-cms#2182
Information Exposure #1 [MED] fecgov/fec-cms#1954
Information Exposure #2 [MED] fecgov/fec-cms#1955

OPENFEC: 1 total
flyway: ~~1 High,~~ not applicable. I hit "ignore" but documented this for our records. #3279
package.json: 0
requirements.txt: 1 High
Arbitrary Code Execution [HIGH] #3280

FEC-EREGS: 1 total
Arbitrary Code Execution [HIGH] fecgov/fec-eregs#414

None
FEC-PATTERN-LIB: 3 total
Regular Expression Denial of Service (ReDoS) [MED] fecgov/fec-pattern-library#116
Two low risk issues(reported on Snyc) [LOW] fecgov/fec-pattern-library#117

Add/Update User Account

None
Deployer Accounts/Service Keys
10 service keys found on cloud.gov under fec-beta-fec org

rjayasekera added this to the Sprint 6.4 milestone Jul 6, 2018

PaulClark2 assigned lbeaufort Jul 10, 2018

PaulClark2 changed the title ~~Log monitoring sprint 6.4 (Maj. Don West) week 1~~ Check logs sprint 6.4 (Maj. Don West) week 1 Jul 12, 2018

lbeaufort closed this as completed Jul 12, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check logs sprint 6.4 (Maj. Don West) week 1 #3266

Check logs sprint 6.4 (Maj. Don West) week 1 #3266

rjayasekera commented Jul 6, 2018

lbeaufort commented Jul 12, 2018

Check logs sprint 6.4 (Maj. Don West) week 1 #3266

Check logs sprint 6.4 (Maj. Don West) week 1 #3266

Comments

rjayasekera commented Jul 6, 2018

lbeaufort commented Jul 12, 2018