Check logs sprint 9.3 week 2 #3821

jason-upchurch · 2019-06-13T14:02:50Z

Log review needs to be completed for sprint 9.3 week 2 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

hcaofec · 2019-06-26T15:59:20Z

Vulnerabilities found this week
FEC-CMS: Total 3
package.json: 2 HIGH, 1 MEDIUM

Arbitrary File Overwrite (fstream) due 6/15/2019: HIGH fecgov/fec-cms#2901
Arbitrary File Overwrite:(tar) due 5/10/2019 :HIGH fecgov/fec-cms#2821
Denial of Service (DoS)(mem) due 6/2/2019 : MEDIUM fecgov/fec-cms#2792
requirements.txt: 1 LOW
Cross-site Scripting (XSS)(django) : LOW fecgov/fec-cms#2944

OPENFEC: 0
package.json: 0
requirements.txt: 0
data/flyway/build.gradle: 0

FEC-EREGS: Total 1
package.json: 1 MEDIUM

Prototype Pollution (jquery) due 6/10/2019 : MEDIUM fecgov/fec-eregs#439
requirements.txt: 0

FEC-PATTERN-LIBRARY: Total 0
package.json: 0

Users changed this week or last: (Jaime Amrhein was added to Slack)
Search logs: No new users added/removed
Cloud.gov Dashboard: 9 deployer accounts, same as last week.

jason-upchurch added the Security: general General security concern or issue label Jun 13, 2019

jason-upchurch added this to the Sprint 9.3 milestone Jun 13, 2019

lbeaufort assigned hcaofec Jun 18, 2019

hcaofec closed this as completed Jun 26, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Check logs sprint 9.3 week 2 #3821

Check logs sprint 9.3 week 2 #3821

jason-upchurch commented Jun 13, 2019 •

edited by hcaofec

hcaofec commented Jun 26, 2019 •

edited

Check logs sprint 9.3 week 2 #3821

Check logs sprint 9.3 week 2 #3821

Comments

jason-upchurch commented Jun 13, 2019 • edited by hcaofec

hcaofec commented Jun 26, 2019 • edited

jason-upchurch commented Jun 13, 2019 •

edited by hcaofec

hcaofec commented Jun 26, 2019 •

edited