Check logs Sprint 7.1 week 1 #3346

Closed
hcaofec opened this issue Aug 29, 2018 · 1 comment

hcaofec commented Aug 29, 2018

Log review needs to be completed for Sprint 7.1 (week 1) per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

@patphongs patphongs assigned pkfec and hcaofec and unassigned pkfec Sep 5, 2018

hcaofec commented Sep 7, 2018

FEC-CMS: 2
package.json - 1 Medium
[Med] Snyk: Cross-site Scripting (XSS) (due 10/8) fecgov/fec-cms#2262

requirements.txt - 1 Medium
[Med] Open Redirect (due 10/8) fecgov/fec-cms#2263

OPENFEC: 2
requirements.txt - 1 High, 1 Medium
[High] Snyk: Improper Input Validation - #3344
[Med per Jay] Arbitrary Code Execution (due 9/10) - #3280

FEC-EREGS: 0

FEC-PATTERN-LIB: 4
package.json - 2 Medium, 2 Low
[MED] ua-parser-js module - Regular Expression Denial of Service (ReDoS) - fecgov/fec-pattern-library#116
[MED] chownr - Time of Check Time of Use (TOCTOU) - fecgov/fec-pattern-library#127
[LOW] Two low risk modules: lodash and braces - fecgov/fec-pattern-library#117

Add/Update User Accounts: 0

Deployer Accounts/Service Keys:
9 service keys found on cloud.gov under fec-beta-fec org

@hcaofec hcaofec closed this as completed Sep 7, 2018