Closed itsKedar closed 8 months ago
Checkmarx One – Scan Summary & Details – 95eff84b-febf-4874-918b-b656c48da7d2
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | CVE-2023-46589 | Maven-org.apache.tomcat.embed:tomcat-embed-core-9.0.81 | Vulnerable Package |
| | CVE-2023-6378 | Maven-ch.qos.logback:logback-core-1.2.10 | Vulnerable Package |
| | CVE-2023-6378 | Maven-ch.qos.logback:logback-classic-1.2.10 | Vulnerable Package |
| | Passwords And Secrets - Generic Secret | /gitlab-astcloud-sample.yml: 5 | Query to find passwords and secrets in infrastructure code. |
| | Passwords And Secrets - Generic Secret | /gitlab-ast-sample.yml: 8 | Query to find passwords and secrets in infrastructure code. |
| | CVE-2023-34055 | Maven-org.springframework.boot:spring-boot-2.7.14 | Vulnerable Package |
| | Unpinned Actions Full Length Commit SHA | /wiki-publisher.yml: 16 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |
| | Unpinned Actions Full Length Commit SHA | /release-drafter.yml: 13 | Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps... |

| Severity | Issue | Source File / Package |
|---|---|---|
| | Reflected_XSS_All_Clients | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/BitbucketServerController.java: 188 |
| | Reflected_XSS_All_Clients | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 111 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/ADOController.java: 199 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/ADOController.java: 199 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 218 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 208 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 222 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 222 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 211 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 211 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/BitbucketServerController.java: 185 |
| | Absolute_Path_Traversal | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/BitbucketServerController.java: 185 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/BitbucketServerController.java: 188 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 111 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/BitbucketServerController.java: 188 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 111 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 107 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/ADOController.java: 199 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/bitbucket/cloud/BitbucketCloudController.java: 213 |
| | SSRF | /src/main/java/com/checkmarx/flow/controller/ADOController.java: 199 |
| | Unchecked_Input_for_Loop_Condition | /src/main/java/com/checkmarx/flow/controller/GitLabController.java: 211 |
| | Unchecked_Input_for_Loop_Condition | /src/main/java/com/checkmarx/flow/controller/GitHubController.java: 251 |
| | Log_Forging | /src/main/java/com/checkmarx/flow/controller/GitLabController.java: 214 |
| | Log_Forging | /src/main/java/com/checkmarx/flow/controller/bitbucket/server/postwebhook/PostWebhookController.java: 111 |

Description
Added latest committer email for JSON bug tracker
Created a new Boolean JSON property latest-committer-email