[FOLIO-2524] Security Audit raised issues Created: 23/Mar/20  Updated: 24/Mar/21

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Umbrella Priority: P2
Reporter: Jakub Skoczen Assignee: Jakub Skoczen
Resolution: Unresolved Votes: 0
Labels: platform-backlog
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
is blocked by RMB-617 Security audit of JsonSchemasAPI.java... Open
is blocked by FOLIO-2563 SPIKE: propose prevention of DoS via ... Closed
is blocked by FOLIO-2564 investigate HTTP Response Header inje... Closed
is blocked by FOLIO-2565 Misleading Permission Set Configuration Closed
is blocked by FOLIO-2578 Misleading Permission Set Configurati... Closed
is blocked by MODLOGSAML-58 Arbitrary URL Redirection in SAML Res... Closed
is blocked by FOLIO-2556 SPIKE: investigate refresh tokens sup... Closed
is blocked by OKAPI-767 permissionsRequired required (securin... Closed
Relates
relates to RMB-534 Reject CQL queries that match no inde... Open
relates to MODLOGIN-128 It is possible to fetch password hash... Closed
relates to FOLIO-1233 Implement refresh tokens Closed
relates to MODLOGSAML-59 Umbrella: Cross-Site Request Forgery ... Closed
Sprint: CP: Roadmap backlog, CP: sprint 85, CP: sprint 86
Development Team: Core: Platform

Description:

Title                                          | Related JIRA
-----------------------------------------------|---------------------
Lack of Authentication Checks on /_/proxy/*    | OKAPI-767 (Closed)
Denial of Service Via CQL Queries              | FOLIO-2563 (Closed)
HTTP Response Header Injection                 | FOLIO-2564 (Closed)
No Expiration on JSON Web Tokens               | FOLIO-2556 (Closed)
Arbitrary URL Redirection in SAML Response     | MODLOGSAML-58 (Closed)
Misleading Permission Set Configuration        | FOLIO-2565 (Closed)
Cross-Site Request Forgery (CSRF) in SSO Flow  | MODLOGSAML-59 (Closed)
User Enumeration                               | Low, TODO
Denial of Service Through User Lockout         | Low, TODO
Server Headers Reveal Excessive Information    | Low, TODO

Generated at Thu Feb 08 23:21:17 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.