Posture: critical 2, high 5, medium 11, low 3
Ownership
Findings (25)
info | Unencrypted RDS snapshot | Dependabot | SCA | triaged | 5.4
high | SQL Injection in user-input handler | Contrast RASP | RASP | triaged | 5.5
info | Path traversal in file download endpoint | tfsec | IaC | open | 9.4
medium | Excessive Kubernetes RBAC privileges | Contrast RASP | RASP | open | 8.5
low | Excessive Kubernetes RBAC privileges | Checkov | IaC | accepted | 6.9
high | Open Redis without auth | SonarQube | SAST | open | 7.9
high | Missing rate limiting on /login | Semgrep | SAST | accepted | 5.6
medium | SSRF in webhook fetcher | Trivy | Container | open | 9.5
medium | Container running as root | TruffleHog | Secrets | open | 7.4
medium | Container running as root | Grype | Container | false positive | 6.9
info | Cross-site Scripting in profile renderer | Prowler | CSPM | open | 7
critical | Cross-site Scripting in profile renderer | Cloudflare WAF | WAF | open | 5.1
high | S3 bucket publicly readable | CodeQL | SAST | open | 7.6
high | Missing CSP header on auth pages | Contrast RASP | RASP | open | 7.3