Check logs sprint 6.6 (Dr. Smith) week 2 #3319

rjayasekera · 2018-08-01T15:30:09Z

Log review needs to be completed for Dr. Smith (Sprint 6.6) week 2 per the Security Event Review Checklist

fecjjeng · 2018-08-15T15:37:06Z

FEC-CMS: 2

package.json - 1 Medium
[Med] Snyk: Cross-site Scripting (XSS) (due 10/8) fecgov/fec-cms#2262

requirements.txt - 1 Medium
[Med] Open Redirect (due 10/8) fecgov/fec-cms#2263

OPENFEC: 1

requirements.txt: 1
[Med per Jay] Arbitrary Code Execution (due 9/10) - #3280

FEC-EREGS: #0

FEC-PATTERN-LIB: 4

package.json
[MED] ua-parser-js module - Regular Expression Denial of Service (ReDoS) - fecgov/fec-pattern-
library#116
[MED] chownr - Time of Check Time of Use (TOCTOU) - fecgov/fec-pattern-library#127
[LOW] Two low risk modues : lodash and braces - fecgov/fec-pattern-library#117

Add/Update User Account : 0
@fec-jli updated her own username on 8/7, confirmed.

Deployer Accounts/Service Keys :
10 service keys found on cloud.gov under fec-beta-fec org, same as last week

rjayasekera added this to the Sprint 6.6 milestone Aug 1, 2018

lbeaufort assigned fecjjeng Aug 8, 2018

fecjjeng closed this as completed Aug 15, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check logs sprint 6.6 (Dr. Smith) week 2 #3319

Check logs sprint 6.6 (Dr. Smith) week 2 #3319

rjayasekera commented Aug 1, 2018

fecjjeng commented Aug 15, 2018 •

edited by hcaofec

Check logs sprint 6.6 (Dr. Smith) week 2 #3319

Check logs sprint 6.6 (Dr. Smith) week 2 #3319

Comments

rjayasekera commented Aug 1, 2018

fecjjeng commented Aug 15, 2018 • edited by hcaofec

fecjjeng commented Aug 15, 2018 •

edited by hcaofec