Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs sprint 14.3 - week 2 (3/31) #4807

Closed
1 task
lbeaufort opened this issue Mar 17, 2021 · 1 comment
Closed
1 task

Check logs sprint 14.3 - week 2 (3/31) #4807

lbeaufort opened this issue Mar 17, 2021 · 1 comment
Assignees
@johnnyporkchops
Milestone
Sprint 14.3

Comments

@lbeaufort
Copy link
Member

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

  • open tickets for Sprint 14.4
@lbeaufort lbeaufort added this to the Sprint 14.3 milestone Mar 17, 2021
@johnnyporkchops
Copy link
Contributor

FEC-CMS:

package.json: 2
Medium: Regular Expression Denial of Service with ua-parser (fecgov/fec-cms#4392)
High: Underscore Arbitrary Code Execution fecgov/fec-cms#4523
requirements.txt: 3
Medium: lxml Cross-site scripting (XSS): fecgov/fec-cms#4509
Medium: Web Cache Poisoning : fecgov/fec-cms#4426
Low: Directory Traversal : fecgov/fec-cms#4363

OPEN-FEC:

requirements.txt: 1
High: Deserialization of Untrusted Data: #4818

FEC-EREGS:

requirements.txt: 1
Low: Directory Traversal: fecgov/fec-eregs#563

FEC-PATTERN-LIBRARY:
None

Search logs:
No log results for "user change"

Cloud.gov Dashboard:
9 deployer accounts, same as last week.

Offboarding:
None

Onboarding:
Add Slack access for Mark Dcruz of AWS #370

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnnyporkchops johnnyporkchops

Labels
None yet
Projects
None yet
Milestone
Sprint 14.3
Development

No branches or pull requests
2 participants
@johnnyporkchops @lbeaufort