Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs sprint 8.6 week 2 #3692

Closed
rjayasekera opened this issue Apr 11, 2019 · 1 comment
Closed

Check logs sprint 8.6 week 2 #3692

rjayasekera opened this issue Apr 11, 2019 · 1 comment
Assignees
@lbeaufort @jason-upchurch
Milestone
Sprint 8.6

Comments

@rjayasekera
Copy link
Contributor

Log review needs to be completed for Sprint 8.5 (week 2) per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
@rjayasekera rjayasekera added this to the Sprint 8.6 milestone Apr 11, 2019
@jason-upchurch
Copy link
Contributor

Vulnerabilities found this week:

FEC-CMS: Total 5
package.json: 1 HIGH, 2 MEDIUM

  1. Arbitrary File Overwrite : HIGH [HIGH] Arbitrary File Overwrite -- need a fix by May 10, 2019 fec-cms#2821
  2. Denial of Service (DoS) : MEDIUM [Med] Snyk: Denial of Service (DoS) (due 6/2/19) fec-cms#2792
  3. Prototype Pollution: MEDIUM [Med] Snyk: Prototype Pollution (due 6/10/19) fec-cms#2823

requirements.txt: 1 HIGH, 1 MEDIUM

  1. CRLF Injection: HIGH [HIGH] CRLF injection -- need a fix by May 24, 2019 fec-cms#2862
  2. Sandbox Escape: MEDIUM [Med] Snyk: Sandbox Escape (due 6/10/19) fec-cms#2822

OPENFEC: Total 3
package.json: 0

requirements.txt: 1 HIGH, 1 MEDIUM

  1. CRLF Injection: HIGH [HIGH] CRLF injection -- need a fix by May 24, 2019 #3722
  2. Race Condition : MEDIUM [Med] Snyk: Race Condition (due 5/20/19) #3642

flyway:2 HIGH

  1. Man-in-the-Middle (MitM) : 1 HIGH: Snyk is recommending upgrade to org.postgresql:postgresql@42.2.5 driver, which we currently have, therefore Laura has marked it as a false positive.
  2. Integer Overflow: [High] Snyk: Integer Overflow (due 5/17/19) #3706

FEC-EREGS: Total 3

package.json: 1 MEDIUM

  1. Prototype Pollution : MEDIUM [Med] Snyk: Prototype Pollution (due 6/10/19) fec-eregs#439

requirements.txt: 1 HIGH, 1 MEDIUM

  1. CRLF injection: HIGH [HIGH] CRLF injection fix by May 24, 2019 fec-eregs#442
  2. Race Condition: MEDIUM [Med] Snyk: Race Condition (due 5/20/19) fec-eregs#435

FEC-PATTERN-LIBRARY: Total 1

package.json: 1 MEDIUM

  1. Prototype Pollution [Med] Snyk: Prototype Pollution (due 6/10/19) fec-pattern-library#135

Account approvals: One issue added: https://github.com/fecgov/fec-accounts/issues/174

Search logs: No new users added/removed

Cloud.gov Dashboard: 9 deployer accounts, same as last week.

Offboarding: Ticket https://github.com/fecgov/fec-accounts/issues/173 needs to be assigned

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lbeaufort lbeaufort

@jason-upchurch jason-upchurch

Labels
None yet
Projects
None yet
Milestone
Sprint 8.6
Development

No branches or pull requests
4 participants
@pkfec @rjayasekera @lbeaufort @jason-upchurch