Posture

  Severity   Count
  critical   2
  high       3
  medium     12
  low        2

Ownership

Findings (22)

  Severity | Finding                                              | Tool              | Category  | Status         | Score
  medium   | Log4Shell vulnerable dependency                      | OWASP ZAP         | DAST      | open           | 6.9
  medium   | IAM role with wildcard permissions                   | Checkmarx         | SAST      | open           | 5.2
  medium   | Excessive Kubernetes RBAC privileges                 | Checkov           | IaC       | open           | 5.9
  medium   | Insecure deserialization in message queue consumer   | Burp Pro PenTest  | PenTest   | triaged        | 9.4
  info     | Terraform module pins old AMI with CVEs              | CodeQL            | SAST      | triaged        | 5.2
  medium   | S3 bucket publicly readable                          | Trivy             | Container | accepted       | 8.5
  low      | Missing rate limiting on /login                      | OWASP ZAP         | DAST      | open           | 7
  medium   | Container running as root                            | Contrast RASP     | RASP      | triaged        | 5.3
  critical | JWT signed with weak HS256 secret                    | Checkov           | IaC       | open           | 8.6
  low      | Unencrypted RDS snapshot                             | Semgrep           | SAST      | false positive | 7.9
  high     | Insecure deserialization in message queue consumer   | Trivy             | Container | open           | 4.4
  critical | Terraform module pins old AMI with CVEs              | TruffleHog        | Secrets   | open           | 4.5
  high     | Cross-site Scripting in profile renderer             | Cloudflare WAF    | WAF       | triaged        | 5.4
  medium   | Path traversal in file download endpoint             | SonarQube         | SAST      | triaged        | 8.8
  info     | Race condition in payment idempotency                | Burp Suite        | DAST      | false positive | 7.2
  high     | Race condition in payment idempotency                | Contrast RASP     | RASP      | open           | 7.1
  medium   | Missing rate limiting on /login                      | Grype             | Container | open           | 8.9
  medium   | Missing CSP header on auth pages                     | Prowler           | CSPM      | open           | 9.6
  info     | S3 bucket publicly readable                          | CodeQL            | SAST      | accepted       | 7.8
  medium   | Race condition in payment idempotency                | Burp Pro PenTest  | PenTest   | false positive | 5.8