Handles PII
Posture
critical: 3
high: 4
medium: 11
low: 8
Ownership
Findings (31)
low | Insecure deserialization in message queue consumer | Semgrep (SAST) | triaged | 6.1
critical | Missing rate limiting on /login | Grype (Container) | open | 8.9
medium | Race condition in payment idempotency | Cloudflare WAF (WAF) | open | 6.5
high | SSRF in webhook fetcher | Cloudflare WAF (WAF) | triaged | 4
info | Insecure deserialization in message queue consumer | Checkmarx (SAST) | open | 6.2
info | SSRF in webhook fetcher | Grype (Container) | accepted | 5.4
low | SQL Injection in user-input handler | Gitleaks (Secrets) | triaged | 8.5
high | Outdated lodash with prototype pollution | Burp Pro PenTest (PenTest) | triaged | 6.7
critical | Log4Shell vulnerable dependency | Semgrep (SAST) | open | 5.5
info | Missing rate limiting on /login | Wiz (CSPM) | open | 5.8
high | SSRF in webhook fetcher | Cloudflare WAF (WAF) | false positive | 9.2
medium | Dependency confusion risk on internal package | Burp Pro PenTest (PenTest) | open | 9.8
medium | Unencrypted RDS snapshot | Contrast RASP (RASP) | triaged | 9.7
medium | Container running as root | TruffleHog (Secrets) | open | 7.6
low | Missing rate limiting on /login | Semgrep (SAST) | open | 7.5
low | Open Redis without auth | Snyk (SCA) | triaged | 6.4
low | Missing rate limiting on /login | Contrast RASP (RASP) | open | 5.6
info | SSRF in webhook fetcher | Burp Pro PenTest (PenTest) | open | 9.1
medium | Unencrypted RDS snapshot | Semgrep (SAST) | open | 9.5
critical | Terraform module pins old AMI with CVEs | Scout Suite (CSPM) | accepted | 6.3
medium | IAM role with wildcard permissions | Snyk (SCA) | open | 10
info | Path traversal in file download endpoint | CodeQL (SAST) | false positive | 4.1