Check logs sprint 9.2 week 1

[jason-upchurch]

Log review needs to be completed for sprint 9.2 week 1 per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

[fec-jli]

Vulnerabilities found this week

FEC-CMS: Total 3

package.json: 2 HIGH, 1 MEDIUM

• Arbitrary File Overwrite (fstream) due 6/15/2019: HIGH [High] Snyk: Arbitrary File Overwrite (due 6/15/19) fec-cms#2901
• Arbitrary File Overwrite:(tar) due 5/10/2019 :HIGH [HIGH] Arbitrary File Overwrite -- need a fix by May 10, 2019 fec-cms#2821
• Denial of Service (DoS)(mem) due 6/2/2019 : MEDIUM [Med] Snyk: Denial of Service (DoS) (due 6/2/19) fec-cms#2792

requirements.txt: 1 LOW

• Cross-site Scripting (XSS)(django) : LOW (Snyk)(LOW) Cross-site Scripting (XSS) due 9/3/19 fec-cms#2944

OPENFEC: 0

package.json: 0
requirements.txt: 0
data/flyway/build.gradle: 0

FEC-EREGS: Total 1

package.json: 1 MEDIUM

• Prototype Pollution (jquery) due 6/10/2019 : MEDIUM [Med] Snyk: Prototype Pollution (due 6/10/19) fec-eregs#439

requirements.txt: 0

FEC-PATTERN-LIBRARY: Total 0

package.json: 0

Search logs:#

No new users added/removed

Cloud.gov Dashboard:#

9 deployer accounts, same as last week.

[fec-jli]

openFEC repo is really good now, no any vulnerability so far.
This is done, closed.