Closed nickumia-reisys closed 1 year ago
False alarm. We do not have a MondoDB instance in our application stack.
Follow-on conversation: https://gsa-tts.slack.com/archives/C2N85536E/p1695315668061409
Same vulnerability shows up again in SecOps Invict September 2023 report, claiming first seen 9/9/23
.
_Please keep any sensitive details in Google Drive._
Date of report: 2023.08.28 Severity: HIGH Due date: 2023.09.28
Due date is based on severity and described in RA-5. 15-days for Critical, 30-days for High, and 90-days for Moderate and lower.
* When a finding is identified, we create two issues. One to address the specific instance identified in the report. The other is to identify and address all other occurrences of this vulnerability within the application.
Brief description
https://docs.google.com/document/d/1rW0VOzfCrjXOI0O1gTAOm225_fTbu5Cjrg7yJTYYBBg/edit#heading=h.df0ffb7howvl