Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs innovation sprint week 1 #4438

Closed
1 task
JonellaCulmer opened this issue Jun 30, 2020 · 2 comments
Closed
1 task

Check logs innovation sprint week 1 #4438

JonellaCulmer opened this issue Jun 30, 2020 · 2 comments
Assignees
@lbeaufort
Milestone
PI 12 innovation ...

Comments

@JonellaCulmer
Copy link
Contributor

Check logs Innovation sprint week 1
@lbeaufort
Copy link
Member

lbeaufort commented Jul 9, 2020
edited

Vulnerabilities:

FEC-CMS:
Total 3 issues, 7 vulnerabilites

package.json: 1
Medium: Prototype Pollution: fecgov/fec-cms#3740

requirements.txt: 6
Medium: Timing Attack in wagtail@2.7.2: fecgov/fec-cms#3777
Medium: (5 in one) Pillow vulnerabilities: fecgov/fec-cms#3886

openFEC:
Total 2

package.json: 1
Medium: Prototype Pollution #4337

data/flyway/build.gradle: 1
High: XML External Entity (XXE) Injection: #4408

FEC-EREGS:
None

FEC-PATTERN-LIBRARY:
None

Cloud.gov Dashboard: 9 deployer accounts, same as last week.
Offboarding: Nothing to report

@patphongs
Copy link
Member

@lbeaufort I recreated the link to our kibana logs to check for user changes in our CMS. I have updated the security checklist link with this new short link.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lbeaufort lbeaufort

Labels
None yet
Projects
None yet
Milestone
PI 12 innovation and PI 13 planning
Development

No branches or pull requests
3 participants
@patphongs @lbeaufort @JonellaCulmer