Update README.md by cx-sean-carroll · Pull Request #2 · CxSeanOrg/JavaVulnerableLab

cx-sean-carroll · 2024-03-13T20:20:55Z

No description provided.

cx-sean-carroll · 2024-03-13T20:24:10Z

Checkmarx One – Scan Summary & Details – 352e4627-c15d-4a92-9e9d-df85da05d3a8

New Issues

Issue	Source File / Package	Checkmarx Insight
CVE-2015-6420	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2016-2170	Maven-commons-collections:commons-collections-3.2.1	Vulnerable Package
CVE-2023-24998	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
CVE-2023-44487	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
CVE-2023-5072	Maven-org.json:json-20131018	Vulnerable Package
CVE-2023-5379	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
Unsafe_Reflection	/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java: 55	Attack Vector
CVE-2023-42795	Maven-org.apache.tomcat:tomcat-util-9.0.22	Vulnerable Package
CVE-2023-42795	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
CVE-2023-45648	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
CVE-2024-1459	Maven-io.undertow:undertow-core-2.0.9.Final	Vulnerable Package
CVE-2024-21733	Maven-org.apache.tomcat:tomcat-coyote-9.0.22	Vulnerable Package
Relative_Path_Traversal	/src/main/java/org/cysecurity/cspf/jvl/controller/ForwardMe.java: 39	Attack Vector
Relative_Path_Traversal	/src/main/java/org/cysecurity/cspf/jvl/controller/AddPage.java: 39	Attack Vector
Relative_Path_Traversal	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18	Attack Vector
Relative_Path_Traversal	/src/main/webapp/vulnerability/sqli/download_id.jsp: 18	Attack Vector
Relative_Path_Traversal	/src/main/webapp/vulnerability/sqli/download_id.jsp: 18	Attack Vector
Relative_Path_Traversal	/src/main/webapp/vulnerability/sqli/download_id_union.jsp: 18	Attack Vector
Relative_Path_Traversal	/src/main/webapp/vulnerability/idor/download.jsp: 11	Attack Vector
Unpinned Actions Full Length Commit SHA	/cx.yml: 13	Pinning an action to a full length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps...
IAM Access Analyzer Not Enabled	/Unsecure_Sensitive_data.tf: 1	IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions

Fixed Issues

Severity	Issue	Source File / Package
	Cx6a5f7948-7054	Maven-commons-collections:commons-collections-3.2.1
	HTTP Port Open To Internet	/AJP_Open_Port.tf: 1
	Passwords And Secrets - Generic Password	/docker-compose.yml: 11
	Remote Desktop Port Open To Internet	/AJP_Open_Port.tf: 1
	Security Group With Unrestricted Access To SSH	/AJP_Open_Port.tf: 11
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Sensitive Port Is Exposed To Entire Network	/AJP_Open_Port.tf: 6
	Unknown Port Exposed To Internet	/AJP_Open_Port.tf: 11
	Unrestricted Security Group Ingress	/AJP_Open_Port.tf: 11
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 12
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 12
	CSRF	/src/main/webapp/admin/adminlogin.jsp: 11
	CSRF	/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java: 43
	SQL Analysis Services Port 2383 (TCP) Is Publicly Accessible	/AJP_Open_Port.tf: 6
	IAM Access Analyzer Not Enabled	/AJP_Open_Port.tf: 1

Update README.md

0d7765f

cx-sean-carroll force-pushed the master branch from 511bfc5 to b5658e0 Compare March 13, 2024 22:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update README.md#2

Update README.md#2
cx-sean-carroll wants to merge 1 commit intomasterfrom
matysiman-patch-13

cx-sean-carroll commented Mar 13, 2024

Uh oh!

cx-sean-carroll commented Mar 13, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

cx-sean-carroll commented Mar 13, 2024

Uh oh!

cx-sean-carroll commented Mar 13, 2024

New Issues

Fixed Issues

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants