Update main.yml #48

margaritalm · 2024-08-13T10:29:50Z

No description provided.

margaritalm · 2024-08-13T10:32:14Z

Checkmarx One – Scan Summary & Details – 8b15add1-7dea-4718-8ecb-692452c07250

Policy Management Violations

Policy Name	Rule(s)	Break Build
NewPolicyBug	NumverOfHugh	false

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2015-6420	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2016-2170	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2016-5007	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2017-5645	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
CVE-2017-8028	Maven-org.springframework.ldap:spring-ldap-core-2.1.0.RELEASE	Vulnerable Package
CVE-2018-1272	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2019-17571	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
CVE-2021-44228	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
CVE-2021-45046	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
CVE-2022-22965	Maven-org.springframework:spring-beans-4.2.5.RELEASE	Vulnerable Package
Cx78f40514-81ff	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
Missing User Instruction	/Dockerfile: 33	A user should be specified in the dockerfile, otherwise the image will run as root
SQL_Injection	/BookDetail_jsp.java: 173	Attack Vector
SQL_Injection	/BookDetail_jsp.java: 173	Attack Vector
SQL_Injection	/test/Checkmarkscan.java: 19	Attack Vector
CSRF	/BookDetail_jsp.java: 173	Attack Vector
CSRF	/BookDetail_jsp.java: 173	Attack Vector
CVE-2018-1199	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2018-1257	Maven-org.springframework:spring-test-4.3.1.RELEASE	Vulnerable Package
CVE-2020-13956	Maven-org.apache.httpcomponents:httpclient-4.5.8	Vulnerable Package
CVE-2020-15250	Maven-junit:junit-4.11	Vulnerable Package
CVE-2020-15250	Maven-junit:junit-4.12	Vulnerable Package
CVE-2021-22060	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2021-22096	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2021-29425	Maven-commons-io:commons-io-2.4	Vulnerable Package
CVE-2021-29425	Maven-commons-io:commons-io-2.5	Vulnerable Package
CVE-2021-44832	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
CVE-2021-45105	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
CVE-2022-22950	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2022-22950	Maven-org.springframework:spring-expression-4.3.0.RELEASE	Vulnerable Package
CVE-2022-22968	Maven-org.springframework:spring-context-4.3.0.RELEASE	Vulnerable Package
CVE-2022-22970	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2022-22970	Maven-org.springframework:spring-beans-4.2.5.RELEASE	Vulnerable Package
CVE-2022-22971	Maven-org.springframework:spring-core-4.3.0.RELEASE	Vulnerable Package
CVE-2023-20861	Maven-org.springframework:spring-expression-4.3.0.RELEASE	Vulnerable Package
CVE-2023-20863	Maven-org.springframework:spring-expression-4.3.0.RELEASE	Vulnerable Package
Missing_HSTS_Header	/BookDetail_jsp.java: 499	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Reflected_XSS_All_Clients	/BookDetail_jsp.java: 173	Attack Vector
Stored_XSS	/BookDetail_jsp.java: 54	Attack Vector
Stored_XSS	/BookDetail_jsp.java: 61	Attack Vector
Unpinned Actions Full Length Commit SHA	/main.yml: 21	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
CVE-2020-9488	Maven-org.apache.logging.log4j:log4j-core-2.3	Vulnerable Package
Cxeb68d52e-5509	Maven-commons-codec:commons-codec-1.11	Vulnerable Package
Healthcheck Instruction Missing	/Dockerfile: 33	Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working
Open_Redirect	/BookDetail_jsp.java: 173	Attack Vector
Open_Redirect	/BookDetail_jsp.java: 173	Attack Vector
Open_Redirect	/BookDetail_jsp.java: 414	Attack Vector
Use_Of_Hardcoded_Password_In_Config	/.github/workflows/main.yml: 27	Attack Vector

Fixed Issues

Severity	Issue	Source File / Package
	Missing_HSTS_Header	/Backup/CardTypesGrid_jsp.java: 390

margaritalm added 2 commits August 13, 2024 13:29

Update main.yml

7b72b9d

Update main.yml

3fd5ec9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update main.yml #48

Update main.yml #48

margaritalm commented Aug 13, 2024

margaritalm commented Aug 13, 2024 •

edited by github-actions bot

Loading

Update main.yml #48

Are you sure you want to change the base?

Update main.yml #48

Conversation

margaritalm commented Aug 13, 2024

margaritalm commented Aug 13, 2024 • edited by github-actions bot Loading

Policy Management Violations

New Issues

Fixed Issues

margaritalm commented Aug 13, 2024 •

edited by github-actions bot

Loading