Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs Sprint 17.6 week 2(04/06/2022) #5087

Closed
1 task done
cnlucas opened this issue Mar 23, 2022 · 1 comment
Closed
1 task done

Check logs Sprint 17.6 week 2(04/06/2022) #5087

cnlucas opened this issue Mar 23, 2022 · 1 comment
Assignees
@cnlucas
Labels
Security: general General security concern or issue
Milestone
Sprint 17.6

Comments

@cnlucas
Copy link
Member

cnlucas commented Mar 23, 2022
edited
Loading

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: Check logs Sprint 17.6 week 1

  • Make new tickets for sprint 17 Innovation weeks 1 & 2
@johnnyporkchops johnnyporkchops added the Security: general General security concern or issue label Mar 23, 2022
@johnnyporkchops johnnyporkchops transferred this issue from fecgov/fec-cms Mar 23, 2022
@johnnyporkchops johnnyporkchops added this to the Sprint 17.6 milestone Mar 29, 2022
This was referenced Apr 6, 2022
Closed
Closed
@cnlucas
Copy link
Member Author

cnlucas commented Apr 6, 2022

FEC-CMS:
package.json: 1 High
[Snyk:High]: moment Directory Traversal will solve in fecgov/fec-cms#5150

requirements.txt: 2 Medium, 3 Low
[Snyk:Medium]: django Denial of Service (DoS) will solve in fecgov/fec-cms#5126
[Snyk:Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] will solve in fecgov/fec-cms#5081

[Snyk:Low]: [django Directory Traversal]will solve in fecgov/fec-cms#5030
now-fecgov/fec-cms#5126
[Snyk:Low]: [django Information Exposure]will solve in fecgov/fec-cms#5030
now-fecgov/fec-cms#5126

OPEN-FEC:
package.json: 1 Low
[SNYK: Low]: [minimist- Prototype Pollution] #5098

requirements.txt: 2 Medium
[Snyk: Medium]: [Celery Stored Command Injection] (#5017)
[Snyk: Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] (#5065)

flyway: 0

FEC-EREGS:
package.json: 0
requirements.txt: 0

FEC-PATTERN-LIBRARY:
package.json: [Snyk: High]: [moment Directory Traversal] (fecgov/fec-pattern-library#188)

Search logs:
No new users

Cloud.gov Dashboard:
9 deployer accounts--no change

Off-boarding:
None for this week

@cnlucas cnlucas closed this as completed Apr 6, 2022
@rfultz rfultz mentioned this issue Apr 12, 2022
Closed
@cnlucas cnlucas changed the title Check logs Sprint 17.6 week 2 (04/06/2022) Check logs Sprint 17.6 week 2(04/06/2022) Apr 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cnlucas cnlucas

Labels
Security: general General security concern or issue
Projects
None yet
Milestone
Sprint 17.6
Development

No branches or pull requests
2 participants
@johnnyporkchops @cnlucas