server
server copied to clipboard
bitwarden
Sample kernel / extensions concept
Checkmarx One – Scan Summary & Details – ef6fa51c-25a9-4152-bfc2-eaa4997a5e70
New Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
 |
Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
 |
Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
|
Image Version Using 'latest' | /Dockerfile: 1 | When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stabili... |
|
Privacy_Violation | /src/Core/Auth/Services/Implementations/AuthRequestService.cs: 94 | Attack Vector |
|
Privacy_Violation | /src/Core/Auth/Services/Implementations/AuthRequestService.cs: 139 | Attack Vector |
|
Privacy_Violation | /src/Core/Auth/Services/Implementations/AuthRequestService.cs: 135 | Attack Vector |
Fixed Issues
| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
|
Missing User Instruction | /Dockerfile: 1 | A user should be specified in the dockerfile, otherwise the image will run as root |
|
Reflected_XSS_All_Clients | /src/Admin/Views/Shared/_OrganizationFormScripts.cshtml: 133 | Attack Vector |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
|
Apt Get Install Pin Version Not Defined | /Dockerfile: 5 | When installing a package, its pin version should be defined |
|
Image Version Using 'latest' | /Dockerfile: 1 | When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stabili... |
|
Privacy_Violation | /src/Core/Auth/Services/Implementations/AuthRequestService.cs: 142 | Attack Vector |
|
Privacy_Violation | /src/Core/Auth/Services/Implementations/AuthRequestService.cs: 210 | Attack Vector |
|
Privacy_Violation | /src/Core/Auth/Services/Implementations/AuthRequestService.cs: 206 | Attack Vector |
 |
Use_Of_Hardcoded_Password | /test/Core.Test/Services/UserServiceTests.cs: 276 | Attack Vector |
