Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check logs Innovation sprint 17 week 2 #5100

Closed
rfultz opened this issue Apr 12, 2022 · 1 comment
Closed

Check logs Innovation sprint 17 week 2 #5100

rfultz opened this issue Apr 12, 2022 · 1 comment
Assignees
@cnlucas
Labels
Security: general General security concern or issue
Milestone
PI 17 innovation

Comments

@rfultz
Copy link
Contributor

rfultz commented Apr 12, 2022
edited by cnlucas
Loading

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: Check logs Sprint 17.6 week 1
@rfultz rfultz added this to the PI 17 innovation milestone Apr 12, 2022
@rfultz rfultz changed the title Check Logs Week 2 Innovation Sprint Check logs Innovation sprint 17 week 3 Apr 12, 2022
@rfultz rfultz changed the title Check logs Innovation sprint 17 week 3 Check logs Innovation sprint 17 week 2 Apr 12, 2022
@cnlucas cnlucas added the Security: general General security concern or issue label Apr 12, 2022
@cnlucas cnlucas self-assigned this Apr 12, 2022
@cnlucas
Copy link
Member

cnlucas commented Apr 20, 2022

FEC-CMS:
package.json: None

requirements.txt: 2 High, 2 Medium, 2 Low
[Snyk:High]: django SQL Injection will solve in fecgov/fec-cms#5161
[Snyk:High]: django SQL Injection will solve in fecgov/fec-cms#5161

[Snyk:Medium]: django Denial of Service (DoS) will solve in fecgov/fec-cms#5161
[Snyk:Medium]: [gitpython Regular Expression Denial of Service (ReDoS)] will solve in fecgov/fec-cms#5081

[Snyk:Low]: [django Directory Traversal]will solve in fecgov/fec-cms#5161
[Snyk:Low]: [django Information Exposure]will solve in fecgov/fec-cms#5161

OPEN-FEC:
package.json: 1 High, 1 Low
[SNYK: High]: [async- Prototype Pollution] -no remediation path yet
[SNYK: Low]: [minimist- Prototype Pollution] #5098

requirements.txt: 2 Medium
[Snyk: Medium]: [Celery Stored Command Injection] (#5017)

flyway: 0

FEC-EREGS:
package.json: 0
requirements.txt: 2 High
[Snyk:High]: django SQL Injection will solve in fecgov/fec-eregs#681
[Snyk:High]: django SQL Injection will solve in fecgov/fec-eregs#681

FEC-PATTERN-LIBRARY:
package.json: 1 High
[Snyk: High]: [moment Directory Traversal] (fecgov/fec-pattern-library#188)

Search logs:
No new users

Cloud.gov Dashboard:
9 deployer accounts--no change

Off-boarding:
None for this week

@cnlucas cnlucas closed this as completed Apr 20, 2022
@cnlucas cnlucas mentioned this issue Apr 26, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cnlucas cnlucas

Labels
Security: general General security concern or issue
Projects
None yet
Milestone
PI 17 innovation
Development

No branches or pull requests
2 participants
@rfultz @cnlucas