Check logs Sprint 12.3 week 2 #4325

fecjjeng · 2020-04-29T16:13:45Z

Check logs Sprint 12.3 week 2

Log review needs to be completed for sprint 12.3 week 2 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
Create check logs tickets for the next sprint

fecjjeng · 2020-05-13T20:24:20Z

Vulnerabilities:

FEC-CMS: Total 3
package.json: 3
2 Medium: Cross-site Scripting: fecgov/fec-cms#3698
1 Medium: Prototype Pollution: fecgov/fec-cms#3740

requirements.txt: 0

openFEC: Total 1
package.json: 1
Medium: Prototype Pollution #4337
requirements.txt: 0

FEC-EREGS: Total 2
package.json: 2
2 Medium: Cross-site Scripting: fecgov/fec-eregs#487
requirements.txt: 0

FEC-PATTERN-LIBRARY: Total 2
package.json: 2
2 Medium: Cross-site Scripting : fecgov/fec-pattern-library#155

Wagtail user account update checks in Kibana logs:
None

check cloud.gov users: Cloud.gov Dashboard: 9 deployer accounts, same as last week.

Offboarding: Nothing to report

fecjjeng · 2020-05-13T21:01:22Z

New check logs tickets for the next sprint had been created.
#4353
#4354

fecjjeng mentioned this issue Apr 29, 2020

Check logs Sprint 12.2 week 2 #4311

Closed

2 tasks

fecjjeng added this to the Sprint 12.3 milestone Apr 29, 2020

JonellaCulmer assigned fecjjeng May 5, 2020

fecjjeng added the Security: general General security concern or issue label May 13, 2020

fecjjeng closed this as completed May 13, 2020

Provide feedback