Internet-exposed
Posture
critical
3
high
2
medium
8
low
1
Ownership
Findings (18)
medium
IAM role with wildcard permissions
SnykSCA
open
5.3
info
Unencrypted RDS snapshot
ProwlerCSPM
open
5.4
medium
Terraform module pins old AMI with CVEs
DependabotSCA
open
7.4
low
Path traversal in file download endpoint
Cloudflare WAFWAF
open
5.4
info
JWT signed with weak HS256 secret
ProwlerCSPM
triaged
4.5
critical
IAM role with wildcard permissions
ProwlerCSPM
triaged
4
medium
JWT signed with weak HS256 secret
Cloudflare WAFWAF
open
9.8
medium
Terraform module pins old AMI with CVEs
WizCSPM
open
6
medium
Missing CSP header on auth pages
GitleaksSecrets
open
4.9
medium
JWT signed with weak HS256 secret
SonarQubeSAST
triaged
5.3
info
Log4Shell vulnerable dependency
CheckovIaC
accepted
6.5
medium
SSRF in webhook fetcher
Burp Pro PenTestPenTest
accepted
9.1
critical
IAM role with wildcard permissions
SemgrepSAST
accepted
8.6
critical
S3 bucket publicly readable
SonarQubeSAST
triaged
7.6
info
Missing rate limiting on /login
WizCSPM
triaged
4.2