Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check logs Sprint 25.4 Week 1 #5875

Closed
1 of 2 tasks
pkfec opened this issue Jun 20, 2024 · 1 comment
Closed
1 of 2 tasks

Check logs Sprint 25.4 Week 1 #5875

pkfec opened this issue Jun 20, 2024 · 1 comment
Assignees
Labels
Security: general General security concern or issue
Milestone

Comments

@pkfec
Copy link
Contributor

pkfec commented Jun 20, 2024

Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)

Ref: #5863

@pkfec pkfec added the Security: general General security concern or issue label Jun 20, 2024
@pkfec pkfec added this to the 25.4 milestone Jun 20, 2024
@cnlucas
Copy link
Member

cnlucas commented Jun 26, 2024

Note: The following issues were logged based off snyk cli in addition to snyk dashboard.

FEC-CMS: 7
package.json: 2 (do not show up in snyk browser)
[Snyk: Med - Information Exposure] (fecgov/fec-cms#6307)
[Snyk: High - Watchify] (fecgov/fec-cms#6321)

requirements.txt: 5
[Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6268)
[Snyk Medium - requests@[email protected] Always-Incorrect Control Flow Implementation] (fecgov/fec-cms#6285)
[Snyk Medium - [email protected] Cross-site Scripting (XSS)] (fecgov/fec-cms#6250)
[Snyk Medium - [email protected] Regular Expression Denial of Service (ReDoS)] (fecgov/fec-cms#6269)
[Snyk Medium - [email protected] Improper Removal of Sensitive Information Before Storage or Transfer] -(fecgov/fec-cms#6343)

OpenFEC: 4
flyway: 1
[Snyk Medium - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')] -#5878
package.json: 0
requirements.txt: 2
[Snyk Low - Flask-cors Log Injection LOCUST ] - #5807
[Snyk Medium - requests Always-Incorrect Control Flow Implementation] - (#5845)
[Snyk Medium - [email protected] Improper Removal of Sensitive Information Before Storage or Transfer] -(#5877)

Pattern-Library: 1
[Snyk - [email protected] Medium Template Injection] (fecgov/fec-pattern-library#223)

Search logs:
No "User changes" found in the past week.
Deployer accounts from cloud.gov dashboard: 10

@cnlucas cnlucas closed this as completed Jun 26, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Security: general General security concern or issue
Projects
Status: ✅ Done
Development

No branches or pull requests

2 participants