Internet-exposed
Posture
critical: 3
high: 2
medium: 9
low: 3
Ownership
Findings (18)
| Severity | Finding | Source | Category | Status | Score |
|---|---|---|---|---|---|
| critical | SSRF in webhook fetcher | tfsec | IaC | false positive | 6.5 |
| medium | Missing rate limiting on /login | Burp Pro PenTest | PenTest | open | 4.9 |
| critical | Hardcoded AWS access key in source | Snyk | SCA | triaged | 8 |
| info | Open Redis without auth | Gitleaks | Secrets | triaged | 6.4 |
| medium | Missing CSP header on auth pages | Scout Suite | CSPM | accepted | 9.2 |
| medium | Cross-site Scripting in profile renderer | Cloudflare WAF | WAF | false positive | 6.1 |
| medium | Container running as root | Burp Pro PenTest | PenTest | open | 7.1 |
| medium | SSRF in webhook fetcher | Cloudflare WAF | WAF | triaged | 9.8 |
| medium | Unencrypted RDS snapshot | Snyk | SCA | open | 4.9 |
| low | Insecure deserialization in message queue consumer | Semgrep | SAST | open | 9.2 |
| low | Missing CSP header on auth pages | tfsec | IaC | triaged | 4.3 |
| low | Missing rate limiting on /login | TruffleHog | Secrets | open | 5.2 |
| medium | Container running as root | Trivy | Container | false positive | 4.9 |
| high | Excessive Kubernetes RBAC privileges | Burp Pro PenTest | PenTest | triaged | 8.7 |
| critical | JWT signed with weak HS256 secret | Trivy | Container | false positive | 7.6 |