Closed tmpayton closed 1 month ago
Note: The following issues were logged based off snyk cli
in addition to snyk dashboard
.
FEC-CMS: 4 package.json: 0 requirements.txt: 4 [Snyk Medium - urllib3@1.26.18 Improper Removal of Sensitive Information Before Storage or Transfer] -(https://github.com/fecgov/fec-cms/issues/6343) [Snyk Medium - fix 8 issues: django Denial of Service (DoS,Directory Traversal ,Timing Attack)] -(https://github.com/fecgov/fec-cms/issues/6376)
OpenFEC: 3 package.json: 0 data/flyway/build.gradle: 1 Snyk: High - flyway
requirements.txt: 2 [Snyk: Medium - Certifi Insufficient Verification of Data Authenticity] -(https://github.com/fecgov/openFEC/issues/5914) [Snyk: Low - flask core] -(https://github.com/fecgov/openFEC/issues/5935)
Pattern-Library: 0
Search logs: "User changes" not found in the past week. Deployer accounts from cloud.gov dashboard: 10
Log review needs to be completed per the Security Event Review Checklist (https://github.com/fecgov/FEC/wiki/Security-Event-Review-Checklist)
Ref: https://github.com/fecgov/openFEC/issues/5921