diff --git a/docs/content/en/open_source/upgrading/2.47.md b/docs/content/en/open_source/upgrading/2.47.md index 02d00a70d13..9472ed1c6ea 100644 --- a/docs/content/en/open_source/upgrading/2.47.md +++ b/docs/content/en/open_source/upgrading/2.47.md @@ -8,8 +8,9 @@ description: Drop support for PostgreSQL-HA in HELM This release removes support for the PostgreSQL-HA (High Availability) Helm chart as a dependency in the DefectDojo Helm chart. Users relying on the PostgreSQL-HA Helm chart will need to transition to using the standard PostgreSQL configuration or an external PostgreSQL database. -There are no special instructions for upgrading to 2.47.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.47.0) for the contents of the release. - ## Removal of Asynchronous Import -Please note that asynchronous import has been removed as it was announced in 2.46. If you haven't migrated from this feature yet, we recommend doing before upgrading to 2.47.0 \ No newline at end of file +Please note that asynchronous import has been removed as it was announced in 2.46. If you haven't migrated from this feature yet, we recommend doing before upgrading to 2.47.0 + + +There are no special instructions for upgrading to 2.47.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.47.0) for the contents of the release. \ No newline at end of file diff --git a/docs/content/en/open_source/upgrading/2.48.md b/docs/content/en/open_source/upgrading/2.48.md index 586e24dbf76..8d992f9d90a 100644 --- a/docs/content/en/open_source/upgrading/2.48.md +++ b/docs/content/en/open_source/upgrading/2.48.md 
@@ -2,6 +2,10 @@ title: 'Upgrading to DefectDojo Version 2.48.x' toc_hide: true weight: -20250602 -description: No special instructions. +description: Better pushing to JIRA for Finding Groups --- -There are no special instructions for upgrading to 2.48.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.48.0) for the contents of the release. + +## Finding Group JIRA Issue template changes +As part of [PR 12475](https://github.com/DefectDojo/django-DefectDojo/pull/12475) the [jira-finding-group-description.tpl](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/templates/issue-trackers/jira_full/jira-finding-group-description.tpl) was updated. If you're using a custom set of JIRA template files, please review the PR for any changes you need to take into account. + +There are no special instructions for upgrading to 2.48.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.48.0) for the contents of the release. \ No newline at end of file diff --git a/dojo/fixtures/dojo_testdata.json b/dojo/fixtures/dojo_testdata.json index b35d570eaab..778b461e78c 100644 --- a/dojo/fixtures/dojo_testdata.json +++ b/dojo/fixtures/dojo_testdata.json @@ -2164,7 +2164,7 @@ "epic_name_id": 10011, "open_status_key": 11, "close_status_key": 41, - "info_mapping_severity": "Trivial", + "info_mapping_severity": "Lowest", "low_mapping_severity": "Low", "medium_mapping_severity": "Medium", "high_mapping_severity": "High", diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index e7fd62c4845..7b62cce7538 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py 
@@ -109,12 +109,36 @@ def is_push_all_issues(instance): return None -def _safely_get_finding_group_status(finding_group: Finding_Group) -> str: - # Accommodating a strange behavior where a finding group sometimes prefers `obj.status` rather than `obj.status()` - try: - return finding_group.status() - except TypeError: # TypeError: 'str' object is not callable - return finding_group.status +def _safely_get_obj_status_for_jira(obj: Finding | Finding_Group, *, isenforced: bool = False) -> str: + # Accommodating a strange behavior where a obj sometimes prefers `obj.status` rather than `obj.status()` + status = [] + if isinstance(obj, Finding): + try: + return obj.status() + except TypeError: # TypeError: 'str' object is not callable + return obj.status + + if isinstance(obj, Finding_Group): + # only consider findings that are above the minimum threshold, but includ inactive and non-verified findings + findings = get_finding_group_findings_above_threshold(obj) + if not findings: + return ["Empty", "Inactive"] + + for find in findings: + logger.debug(f"Finding {find.id} status {find.active} {find.verified} {find.is_mitigated}") + + # This iterates 3 times over the list of findings, but any code doing 1 iteration would looke it's from 1990 + if any(find.active for find in findings): + status += ["Active"] + + if any((find.active and find.verified) for find in findings): + status += ["Verified"] + + if all(find.is_mitigated for find in findings): + status += ["Mitigated", "Inactive"] + + # if no active findings are found, we must assume the status is inactive + return status or ["Inactive"] # checks if a finding can be pushed to JIRA 
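Review bot: `_safely_get_obj_status_for_jira` is annotated `-> str` but returns a list of strings for a `Finding_Group` and whatever `obj.status()` yields for a `Finding`, so the annotation misleads callers that test membership with `in`. The keyword-only `isenforced` parameter is never read in the body and can be dropped. What happens for any other type depends on where the final `return status or ["Inactive"]` sits, and indentation is lost on this page: it is either `["Inactive"]` or an implicit `None`. An explicit `raise ValueError(...)` for unsupported types, as `jira_priority` does later in this commit, would be clearer. The per-finding `logger.debug(f"...")` formats a string for every finding even with debug logging off; `logger.debug("Finding %s status %s %s %s", find.id, find.active, find.verified, find.is_mitigated)` avoids that.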
@@ -141,6 +165,12 @@ def can_be_pushed_to_jira(obj, form=None): # findings or groups already having an existing jira issue can always be pushed return True, None, None + jira_minimum_threshold = None + if System_Settings.objects.get().jira_minimum_severity: + jira_minimum_threshold = Finding.get_number_severity(System_Settings.objects.get().jira_minimum_severity) + + isenforced = get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_jira", True) + if isinstance(obj, Finding): if form: active = form["active"].value() 
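Review bot: The block added ahead of the `isinstance` checks calls `System_Settings.objects.get()` twice to read a single field, and the threshold messages further down in `can_be_pushed_to_jira` call it again. Reading it once, `minimum_severity = System_Settings.objects.get().jira_minimum_severity`, and reusing that value for both the comparison and the message avoids repeated lookups and keeps the two consistent. The function starts and ends outside this hunk.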
@@ -153,25 +183,24 @@ def can_be_pushed_to_jira(obj, form=None): logger.debug("can_be_pushed_to_jira: %s, %s, %s", active, verified, severity) - isenforced = get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_jira", True) - if not active or (not verified and isenforced): logger.debug("Findings must be active and verified, if enforced by system settings, to be pushed to JIRA") - return False, "Findings must be active and verified, if enforced by system settings, to be pushed to JIRA", "not_active_or_verified" + return False, "Findings must be active and verified, if enforced by system settings, to be pushed to JIRA", "error_not_active_or_verified" - jira_minimum_threshold = None - if System_Settings.objects.get().jira_minimum_severity: - jira_minimum_threshold = Finding.get_number_severity(System_Settings.objects.get().jira_minimum_severity) - - if jira_minimum_threshold and jira_minimum_threshold > Finding.get_number_severity(severity): - logger.debug(f"Finding below the minimum JIRA severity threshold ({System_Settings.objects.get().jira_minimum_severity}).") - return False, f"Finding below the minimum JIRA severity threshold ({System_Settings.objects.get().jira_minimum_severity}).", "below_minimum_threshold" + if jira_minimum_threshold and jira_minimum_threshold > Finding.get_number_severity(severity): + logger.debug(f"Finding below the minimum JIRA severity threshold ({System_Settings.objects.get().jira_minimum_severity}).") + return False, f"Finding below the minimum JIRA severity threshold ({System_Settings.objects.get().jira_minimum_severity}).", "error_below_minimum_threshold" elif isinstance(obj, Finding_Group): - if not obj.findings.all(): - return False, f"{to_str_typed(obj)} cannot be pushed to jira as it is empty.", "error_empty" - # Determine if the finding group is not active - if "Active" not in _safely_get_finding_group_status(obj): - return False, f"{to_str_typed(obj)} cannot be pushed to jira as it 
is not active.", "error_inactive" + finding_group_status = _safely_get_obj_status_for_jira(obj) + logger.error(f"Finding group status: {finding_group_status}") + if "Empty" in finding_group_status: + return False, f"{to_str_typed(obj)} cannot be pushed to jira as it contains no findings above minimum treshold.", "error_empty" + + if isenforced and "Verified" not in finding_group_status: + return False, f"{to_str_typed(obj)} cannot be pushed to jira as it contains no active and verified findings above minimum treshold.", "error_not_active_or_verified" + + if "Active" not in _safely_get_obj_status_for_jira(obj): + return False, f"{to_str_typed(obj)} cannot be pushed to jira as it contains no active findings above minimum treshold.", "error_inactive" else: return False, f"{to_str_typed(obj)} cannot be pushed to jira as it is of unsupported type.", "error_unsupported" @@ -503,6 +532,20 @@ def get_jira_status(finding): return None +# Used for unit testing so geting all the connections is manadatory +def get_jira_priortiy(finding): + if finding.has_jira_issue: + j_issue = finding.jira_issue.jira_id + elif finding.finding_group and finding.finding_group.has_jira_issue: + j_issue = finding.finding_group.jira_issue.jira_id + + if j_issue: + project = get_jira_project(finding) + issue = jira_get_issue(project, j_issue) + return issue.fields.priority + return None + + # Used for unit testing so geting all the connections is manadatory def get_jira_comments(finding): if finding.has_jira_issue: 
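Review bot: `logger.error(f"Finding group status: {finding_group_status}")` in the `Finding_Group` branch reports a routine status check at error level, so every push attempt for a group shows up as an error in logs and in any alerting built on them. `logger.debug("Finding group status: %s", finding_group_status)` matches the neighbouring log calls. The last check calls `_safely_get_obj_status_for_jira(obj)` a second time instead of reusing `finding_group_status`, which repeats the findings query and could see different data than the first two checks. The three new messages spell "treshold". The renamed codes (`error_not_active_or_verified`, `error_below_minimum_threshold`) need the same rename wherever callers compare against the old strings, which this hunk does not show.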
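Review bot: In `get_jira_priortiy`, `j_issue` is assigned only inside the `if`/`elif`, so a finding with no JIRA issue of its own and none on its group reaches `if j_issue:` with the name unbound and raises `UnboundLocalError` instead of returning `None`. Adding `j_issue = None` before the `if` fixes that. The function name is misspelled (`priortiy`), and the new test helper `get_jira_issue_priority` in `unittests/dojo_test_case.py` already depends on that spelling, so renaming both to `get_jira_priority` now is cheapest. The header comment is copied from the sibling helper; a docstring such as `"""Return the priority of the JIRA issue linked to the finding or its group, or None."""` would describe what this one does.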
@@ -644,7 +687,22 @@ def jira_description(obj): def jira_priority(obj): - return get_jira_instance(obj).get_priority(obj.severity) + if isinstance(obj, Finding): + return get_jira_instance(obj).get_priority(obj.severity) + + if isinstance(obj, Finding_Group): + # priority based on qualified findings, so if alls criticals get closed, the priority will gets lowered etc + active_findings = get_qualified_findings(obj) + + if not active_findings: + # using a string literal "Info" as we don't really have a "enum" for this anywhere + max_number_severity = Finding.get_number_severity("Info") + else: + max_number_severity = max(Finding.get_number_severity(find.severity) for find in active_findings) + return get_jira_instance(obj).get_priority(Finding.get_severity(max_number_severity)) + + msg = f"Unsupported object type for jira_priority: {obj.__class__.__name__}" + raise ValueError(msg) def jira_environment(obj): @@ -791,7 +849,7 @@ def prepare_jira_issue_fields( def add_jira_issue(obj, *args, **kwargs): def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: if exception: - logger.error(exception) + logger.error("Exception occurred", exc_info=exception) logger.error(message) log_jira_alert(message, obj) return False @@ -835,7 +893,7 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: duedate = None if System_Settings.objects.get().enable_finding_sla: - duedate = obj.sla_deadline() + duedate = get_sla_deadline(obj) # Set the fields that will compose the jira issue try: issuetype_fields = get_issuetype_fields(jira, jira_project.project_key, jira_instance.default_issue_type) 
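Review bot: `jira_priority` now raises `ValueError` for anything that is not a `Finding` or `Finding_Group`, where the old one-liner accepted any object with a `severity` attribute. Callers are outside this hunk, so it is worth confirming that none of them pass another type. In the group branch the variable `active_findings` holds the result of `get_qualified_findings(obj)`, so `qualified_findings` would match what it contains. A docstring should state the fallback, for example `"""Return the JIRA priority name for obj; a group with no qualified findings maps to the priority configured for "Info"."""`.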
@@ -861,7 +919,7 @@ def failure_to_add_message(message: str, exception: Exception, _: Any) -> bool: return failure_to_add_message(message, e, obj) # Create a new issue in Jira with the fields set in the last step try: - logger.debug("sending fields to JIRA: %s", fields) + logger.debug("Creating new JIRA issue with fields: %s", json.dumps(fields, indent=4)) new_issue = jira.create_issue(fields) logger.debug("saving JIRA_Issue for %s finding %s", new_issue.key, obj.id) j_issue = JIRA_Issue(jira_id=new_issue.id, jira_key=new_issue.key, jira_project=jira_project) @@ -964,6 +1022,19 @@ def failure_to_update_message(message: str, exception: Exception, obj: Any) -> b labels = get_labels(obj) + get_tags(obj) if labels: labels = list(dict.fromkeys(labels)) # de-dup + + # Only Finding Groups will have their priority synced on updates. + # For Findings we resepect any priority change made in JIRA + # https://github.com/DefectDojo/django-DefectDojo/pull/9571 and https://github.com/DefectDojo/django-DefectDojo/pull/12475 + jira_priority_name = None + if isinstance(obj, Finding_Group): + jira_priority_name = jira_priority(obj) + + # Determine what due date to set on the jira issue + duedate = None + if System_Settings.objects.get().enable_finding_sla: + duedate = get_sla_deadline(obj) + # Set the fields that will compose the jira issue try: issuetype_fields = get_issuetype_fields(jira, jira_project.project_key, jira_instance.default_issue_type) 
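Review bot: `json.dumps(fields, indent=4)` is evaluated eagerly as an argument to `logger.debug` and sits inside the `try` that guards `jira.create_issue(fields)`, so a value in `fields` that the JSON encoder cannot serialise would raise `TypeError` and fail the push purely because of a log line (the matching `except` is outside the hunk). `json.dumps(fields, indent=4, default=str)` removes that failure mode, and wrapping the call in `if logger.isEnabledFor(logging.DEBUG):` avoids the serialisation cost when debug logging is off, assuming `logging` is imported in this module. The same pattern is added in the update path (`Updating JIRA issue with fields`) and in both `except` blocks of `get_issuetype_fields`. These lines write complete issue descriptions, i.e. vulnerability details, to the debug log, which matters for log retention and access control.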
@@ -975,20 +1046,19 @@ def failure_to_update_message(message: str, exception: Exception, obj: Any) -> b component_name=jira_project.component if not issue.fields.components else None, labels=labels + issue.fields.labels, environment=jira_environment(obj), - # Do not update the priority in jira after creation as this could have changed in jira, but should not change in dojo - # priority_name=jira_priority(obj), + priority_name=jira_priority_name, + duedate=duedate, issuetype_fields=issuetype_fields) except Exception as e: message = f"Failed to fetch fields for {jira_instance.default_issue_type} under project {jira_project.project_key} - {e}" return failure_to_update_message(message, e, obj) + # Update the issue in jira try: - logger.debug("sending fields to JIRA: %s", fields) + logger.debug("Updating JIRA issue with fields: %s", json.dumps(fields, indent=4)) issue.update( summary=fields["summary"], description=fields["description"], - # Do not update the priority in jira after creation as this could have changed in jira, but should not change in dojo - # priority=fields['priority'], fields=fields) j_issue.jira_change = timezone.now() j_issue.save() @@ -1093,10 +1163,12 @@ def issue_from_jira_is_active(issue_from_jira): def push_status_to_jira(obj, jira_instance, jira, issue, *, save=False): - status_list = _safely_get_finding_group_status(obj) + status_list = _safely_get_obj_status_for_jira(obj) issue_closed = False + updated = False + logger.debug("pushing status to JIRA for %d:%s status:%s", obj.id, to_str_typed(obj), status_list) # check RESOLVED_STATUS first to avoid corner cases with findings that are Inactive, but verified - if any(item in status_list for item in RESOLVED_STATUS): + if not updated and any(item in status_list for item in RESOLVED_STATUS): if issue_from_jira_is_active(issue): logger.debug("Transitioning Jira issue to Resolved") updated = jira_transition(jira, issue, jira_instance.close_status_key) 
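Review bot: In `push_status_to_jira`, `updated` is set to `False` immediately before the first branch, so the `not updated and` added to the `RESOLVED_STATUS` condition can never be false and only obscures the check. It can be written as `if any(item in status_list for item in RESOLVED_STATUS):`. Note also that `status_list` is now a list for a `Finding_Group` but whatever `obj.status()` returns for a `Finding`; if that is a string, `item in status_list` is a substring match in one case and list membership in the other. The rest of the function is outside this hunk.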
@@ -1141,12 +1213,14 @@ def get_issuetype_fields( try: project = meta["projects"][0] except Exception: + logger.debug("JIRA meta: %s", json.dumps(meta, indent=4)) # this is None safe msg = "Project misconfigured or no permissions in Jira ?" raise JIRAError(msg) try: issuetype_fields = project["issuetypes"][0]["fields"].keys() except Exception: + logger.debug("JIRA meta: %s", json.dumps(meta, indent=4)) # this is None safe msg = "Misconfigured default issue type ?" raise JIRAError(msg) 
@@ -1753,3 +1827,59 @@ def save_and_push_to_jira(finding): # the updated data of the finding is pushed as part of the group if push_to_jira_decision and finding_in_group: push_to_jira(finding.finding_group) + + +def get_finding_group_findings_above_threshold(finding_group): + """Get the findings that are above the minimum threshold""" + jira_minimum_threshold = 0 + if System_Settings.objects.get().jira_minimum_severity: + jira_minimum_threshold = Finding.get_numerical_severity(System_Settings.objects.get().jira_minimum_severity) + + return [finding for finding in finding_group.findings.all() if finding.numerical_severity <= jira_minimum_threshold] + + +def is_qualified(finding): + """Check if the finding is qualified to be pushed to JIRA, i.e. active, verified (unless not enforced) and severity is above the threshold""" + jira_minimum_threshold = None + if System_Settings.objects.get().jira_minimum_severity: + jira_minimum_threshold = Finding.get_numerical_severity(System_Settings.objects.get().jira_minimum_severity) + + isenforced = get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_jira", True) + + return finding.active and (finding.verified or not isenforced) and (finding.numerical_severity <= jira_minimum_threshold) + + +def get_qualified_findings(finding_group): + """Filters findings to return only findings qualified to be pushed to JIRA, i.e. active, verified (unless not enforced) and severity is above the threshold""" + if not finding_group.findings.all(): + return None + + return [find for find in finding_group.findings.all() if is_qualified(find)] + + +def get_non_qualified_findings(finding_group): + """Filters findings to return only findings not qualified to be pushed to JIRA, i.e. 
inactive, not-verified (unless not enforced) and severity is below the threshold""" + if not finding_group.findings.all(): + return None + + return [find for find in finding_group.findings.all() if not is_qualified(find)] + + +def get_sla_deadline(obj): + """Get the earliest SLA deadline from a finding or a list of findings, this typically includes all qualified findings in the group""" + if not obj: + return None + + if isinstance(obj, Finding): + return obj.sla_deadline() + + if isinstance(obj, Finding_Group): + return min([find.sla_deadline() for find in get_qualified_findings(obj) if find.sla_deadline()], default=None) + + msg = f"get_sla_deadline: obj passed that is not a Finding or Finding_Group: {type(obj)}" + raise ValueError(msg) + + +def get_severity(findings): + max_number_severity = max(Finding.get_number_severity(find.severity) for find in findings) + return Finding.get_severity(max_number_severity) diff --git a/dojo/templates/issue-trackers/jira_full/jira-finding-group-description.tpl b/dojo/templates/issue-trackers/jira_full/jira-finding-group-description.tpl index 92a8997af27..11ab109af30 100644 --- a/dojo/templates/issue-trackers/jira_full/jira-finding-group-description.tpl +++ b/dojo/templates/issue-trackers/jira_full/jira-finding-group-description.tpl 
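Review bot: `is_qualified` leaves `jira_minimum_threshold` as `None` when no minimum severity is configured and then evaluates `finding.numerical_severity <= jira_minimum_threshold`, which raises `TypeError` for any finding that passes the active/verified tests. `get_finding_group_findings_above_threshold` has the same gap with its default of `0`, which either fails the comparison or filters findings out, depending on the type of `numerical_severity`. `get_qualified_findings` returns `None` for an empty group and a list otherwise, and `get_sla_deadline` iterates that result directly, so an empty `Finding_Group` with SLA enabled fails in the comprehension; `get_severity` likewise calls `max()` on a possibly empty sequence. Each `is_qualified` call also re-reads the system settings, so a group costs several lookups per finding. The sketch below treats an unset minimum as "no threshold", matching the `if jira_minimum_threshold and ...` guard in `can_be_pushed_to_jira`, and makes the helpers always return lists.

```python
def is_qualified(finding):
    """Check if the finding is active, verified (when enforced) and at or above the minimum JIRA severity."""
    minimum_severity = System_Settings.objects.get().jira_minimum_severity
    isenforced = get_system_setting("enforce_verified_status", True) or get_system_setting("enforce_verified_status_jira", True)

    if not finding.active or (isenforced and not finding.verified):
        return False
    # no minimum configured: every severity qualifies
    if not minimum_severity:
        return True
    return finding.numerical_severity <= Finding.get_numerical_severity(minimum_severity)


def get_qualified_findings(finding_group):
    # always a list, so callers can iterate without a None check
    return [find for find in finding_group.findings.all() if is_qualified(find)]


# … unchanged: get_non_qualified_findings (same change: drop the early `return None`) …


def get_sla_deadline(obj):
    # … unchanged: empty-obj and Finding branches …
    if isinstance(obj, Finding_Group):
        # call sla_deadline() once per finding and skip findings without one
        deadlines = [find.sla_deadline() for find in get_qualified_findings(obj)]
        return min((deadline for deadline in deadlines if deadline), default=None)
    # … unchanged: ValueError for unsupported types …
```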
@@ -10,13 +10,16 @@ A group of Findings has been pushed to JIRA to be investigated and fixed: h2. Group *Group*: [{{ finding_group.name|jiraencode}}|{{ finding_group_url|full_url }}] in [{{ finding_group.test.engagement.product.name|jiraencode }}|{{ product_url|full_url }}] / [{{ finding_group.test.engagement.name|jiraencode }}|{{ engagement_url|full_url }}] / [{{ finding_group.test|stringformat:'s'|jiraencode }}|{{ test_url|full_url }}] +h2. Summary +*Severity:* {{ finding_group.findings.all | jira_severity }} {% if finding_group.sla_deadline %} *Due Date:* {{ finding_group | jira_sla_deadline }} {% endif %} -|| Severity || CVE || CWE || Component || Version || Title || Status ||{% for finding in finding_group.findings.all %} -| {{finding.severity}} | {% if finding.cve %}[{{finding.cve}}|{{finding.cve|vulnerability_url}}]{% else %}None{% endif %} | [{{finding.cwe}}|{{finding.cwe|cwe_url}}] | {{finding.component_name|jiraencode_component}} | {{finding.component_version}} | {% url 'view_finding' finding.id as finding_url %}[{{ finding.title|jiraencode}}|{{ finding_url|full_url }}] | {{ finding.status }} |{% endfor %} +Findings matching the Active, Verified and Severity criteria: +|| Severity || CVE || CWE || Component || Version || Title || Status ||{% for finding in finding_group|jira_qualified_findings %} +|{{finding.severity}}|{% if finding.cve %}[{{finding.cve}}|{{finding.cve|vulnerability_url}}]{% else %}None{% endif %}|[{{finding.cwe}}|{{finding.cwe|cwe_url}}]|{{finding.component_name|jiraencode_component}}|{{finding.component_version}}|{% url 'view_finding' finding.id as finding_url %}[{{ finding.title|jiraencode}}|{{ finding_url|full_url }}]|{{ finding.status }}|{% endfor %} -*Severity:* {{ finding_group.severity }} - -{% if finding_group.sla_deadline %} *Due Date:* {{ finding_group.sla_deadline }} {% endif %} +Findings *not* matching the Active, Verified and Severity criteria: +|| Severity || CVE || CWE || Component || Version || Title || Status ||{% for 
finding in finding_group|jira_non_qualified_findings %} +|{{finding.severity}}|{% if finding.cve %}[{{finding.cve}}|{{finding.cve|vulnerability_url}}]{% else %}None{% endif %}|[{{finding.cwe}}|{{finding.cwe|cwe_url}}]|{{finding.component_name|jiraencode_component}}|{{finding.component_version}}|{% url 'view_finding' finding.id as finding_url %}[{{ finding.title|jiraencode}}|{{ finding_url|full_url }}]|{{ finding.status }}|{% endfor %} {% if finding_group.test.engagement.branch_tag %} *Branch/Tag:* {{ finding_group.test.engagement.branch_tag }} diff --git a/dojo/templates/issue-trackers/jira_limited/jira-finding-group-description.tpl b/dojo/templates/issue-trackers/jira_limited/jira-finding-group-description.tpl index b80b20c5790..6c2cba4ff0f 100644 --- a/dojo/templates/issue-trackers/jira_limited/jira-finding-group-description.tpl +++ b/dojo/templates/issue-trackers/jira_limited/jira-finding-group-description.tpl 
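Review bot: The new Summary line computes severity with `finding_group.findings.all | jira_severity`, i.e. over every finding in the group, while the JIRA priority set by `jira_priority` in this commit is based on qualified findings only. The description and the issue priority can therefore disagree once the highest-severity findings are mitigated. The due-date guard has a similar mismatch: `{% if finding_group.sla_deadline %}` tests the group's own deadline but prints `finding_group | jira_sla_deadline`, which can be `None` when no qualified finding has a deadline. `{% with deadline=finding_group|jira_sla_deadline %}{% if deadline %} *Due Date:* {{ deadline }} {% endif %}{% endwith %}` tests and prints the same value. The same two lines are added to the `jira_limited` template.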
@@ -7,11 +7,18 @@ A group of Findings has been pushed to JIRA to be investigated and fixed: +h2. Group *Group*: [{{ finding_group.name|jiraencode}}|{{ finding_group_url|full_url }}] in [{{ finding_group.test.engagement.product.name|jiraencode }}|{{ product_url|full_url }}] / [{{ finding_group.test.engagement.name|jiraencode }}|{{ engagement_url|full_url }}] / [{{ finding_group.test|stringformat:'s'|jiraencode }}|{{ test_url|full_url }}] -Findings: -{% for finding in finding_group.findings.all %} -{% url 'view_finding' finding.id as finding_url %} +h2. Summary +*Severity:* {{ finding_group.findings.all | jira_severity }} {% if finding_group.sla_deadline %} *Due Date:* {{ finding_group | jira_sla_deadline }} {% endif %} + +Findings matching the Active, Verified and Severity criteria: +{% for finding in finding_group|jira_qualified_findings %} +- [{{ finding.title|jiraencode}}|{{ finding_url|full_url }}]{% endfor %} + +Findings *not* matching the Active, Verified and Severity criteria: +{% for finding in finding_group|jira_non_qualified_findings %} - [{{ finding.title|jiraencode}}|{{ finding_url|full_url }}]{% endfor %} {% if finding_group.test.engagement.branch_tag %} diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py index af6e3dc0e1f..4411a9c0fc8 100644 --- a/dojo/templatetags/display_tags.py +++ b/dojo/templatetags/display_tags.py @@ -870,6 +870,26 @@ def jira_change(obj): return jira_helper.get_jira_change(obj) +@register.filter +def jira_qualified_findings(finding_group): + return jira_helper.get_qualified_findings(finding_group) + + +@register.filter +def jira_non_qualified_findings(finding_group): + return jira_helper.get_non_qualified_findings(finding_group) + + +@register.filter +def jira_sla_deadline(obj): + return jira_helper.get_sla_deadline(obj) + + +@register.filter +def jira_severity(findings): + return jira_helper.get_severity(findings) + + @register.filter def get_thumbnail(file): from pathlib import Path 
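Review bot: Both new loops render `{{ finding_url|full_url }}`, but the `{% url 'view_finding' finding.id as finding_url %}` line that defined `finding_url` is removed by this hunk and not re-added. Every finding link in the limited template is therefore built from an undefined variable. Put `{% url 'view_finding' finding.id as finding_url %}` back as the first line inside each `{% for %}` body, as the `jira_full` template does inline before the title link.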
diff --git a/run-unittest.sh b/run-unittest.sh index 6aaa8c78cb4..062ef1c9e0a 100755 --- a/run-unittest.sh +++ b/run-unittest.sh @@ -1,5 +1,4 @@ #!/usr/bin/env bash - unset TEST_CASE bash ./docker/docker-compose-check.sh @@ -51,7 +50,7 @@ then fi echo "Running docker compose unit tests with test case $TEST_CASE ..." -# Compose V2 integrates compose functions into the Docker platform, continuing to support -# most of the previous docker-compose features and flags. You can run Compose V2 by +# Compose V2 integrates compose functions into the Docker platform, continuing to support +# most of the previous docker-compose features and flags. You can run Compose V2 by # replacing the hyphen (-) with a space, using docker compose, instead of docker-compose. docker compose exec uwsgi bash -c "python manage.py test $TEST_CASE -v2 --keepdb" diff --git a/unittests/dojo_test_case.py b/unittests/dojo_test_case.py index 031984b6ede..3f1061d6002 100644 --- a/unittests/dojo_test_case.py +++ b/unittests/dojo_test_case.py @@ -65,6 +65,26 @@ def wrapper(*args, **kwargs): return decorator +def with_system_setting(field, value): + """Decorator to temporarily set a value in System Settings.""" + + def decorator(test_func): + @wraps(test_func) + def wrapper(*args, **kwargs): + old_value = getattr(System_Settings.objects.get(), field) + # Set the flag to the specified value + System_Settings.objects.update(**{field: value}) + try: + return test_func(*args, **kwargs) + finally: + # Reset the flag to its original state after the test + System_Settings.objects.update(**{field: old_value}) + + return wrapper + + return decorator + + class DojoTestUtilsMixin: def get_test_admin(self, *args, **kwargs): 
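Review bot: `with_system_setting` writes through `System_Settings.objects.update(...)`, which issues a bulk UPDATE and skips `save()` and model signals. Any cached copy of the settings that `get_system_setting` may consult would not see the change; whether such a cache exists is not visible in this diff. If it does, the decorator should set the attribute on the instance and call `save()`, both when applying the value and when restoring it. The docstring could also state the restore behaviour, e.g. `"""Decorator that sets a System_Settings field to value for the duration of the test and restores the previous value afterwards."""`.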
@@ -386,6 +406,10 @@ def get_jira_issue_status(self, finding_id): finding = Finding.objects.get(id=finding_id) return jira_helper.get_jira_status(finding) + def get_jira_issue_priority(self, finding_id): + finding = Finding.objects.get(id=finding_id) + return jira_helper.get_jira_priortiy(finding) + def get_jira_issue_updated(self, finding_id): finding = Finding.objects.get(id=finding_id) return jira_helper.get_jira_updated(finding) diff --git a/unittests/scans/npm_audit/many_vuln_with_groups.json b/unittests/scans/npm_audit/many_vuln_with_groups.json index 306266d4b62..6e9d0ce3b3d 100644 --- a/unittests/scans/npm_audit/many_vuln_with_groups.json +++ b/unittests/scans/npm_audit/many_vuln_with_groups.json @@ -188,7 +188,7 @@ "recommendation": "Update to version 0.6.1 or later.", "references": "", "access": "public", - "severity": "high", + "severity": "moderate", "cwe": "CWE-400", "metadata": { "module_type": "Network.Library", @@ -317,7 +317,7 @@ "recommendation": "Update to version 0.5.2 or later.", "references": "", "access": "public", - "severity": "high", + "severity": "moderate", "cwe": "CWE-400", "metadata": { "module_type": "Multi.Library", @@ -359,7 +359,7 @@ "recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )", "references": "[Node Postgres: Code Execution Vulnerability Announcement](https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability)", "access": "public", - "severity": "high", + "severity": "moderate", "cwe": "CWE-94", "metadata": { "module_type": "Network.Library", 
diff --git a/unittests/scans/npm_audit/many_vuln_with_groups_different_titles.json b/unittests/scans/npm_audit/many_vuln_with_groups_different_titles.json new file mode 100644 index 00000000000..ac781d74f04 --- /dev/null +++ b/unittests/scans/npm_audit/many_vuln_with_groups_different_titles.json 
@@ -0,0 +1,387 @@ +{ + "actions": [ + { + "action": "install", + "module": "express", + "target": "4.16.3", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "express>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 534, + "path": "express>finalhandler>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 534, + "path": "express>send>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 534, + "path": "express>serve-static>send>debug", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 106, + "path": "express>accepts>negotiator", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 526, + "path": "express>fresh", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 526, + "path": "express>send>fresh", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 526, + "path": "express>serve-static>send>fresh", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 535, + "path": "express>send>mime", + "dev": false, + "optional": false, + "bundled": false + }, + { + "id": 535, + "path": "express>serve-static>send>mime", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "serve-favicon", + "target": "2.5.0", + "isMajor": false, + "resolves": [ + { + "id": 526, + "path": "serve-favicon>fresh", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "pg-promise", + "target": "8.4.5", + "isMajor": true, + "resolves": [ + { + "id": 521, + "path": "pg-promise>pg", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "body-parser", + "target": "1.18.3", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "body-parser>debug", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": 
"install", + "module": "debug", + "target": "3.1.0", + "isMajor": true, + "resolves": [ + { + "id": 534, + "path": "debug", + "dev": false, + "optional": false, + "bundled": false + } + ] + }, + { + "action": "install", + "module": "morgan", + "target": "1.9.0", + "isMajor": false, + "resolves": [ + { + "id": 534, + "path": "morgan>debug", + "dev": false, + "optional": false, + "bundled": false + } + ] + } + ], + "advisories": { + "106": { + "findings": [ + { + "version": "0.5.3", + "paths": [ + "express>accepts>negotiator" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 106, + "created": "2016-05-04T16:34:12.000Z", + "updated": "2018-04-17T12:58:40.142Z", + "deleted": null, + "title": "Regular Expression Denial of Service Different Title", + "found_by": { + "name": "Adam Baldwin" + }, + "reported_by": { + "name": "Adam Baldwin" + }, + "module_name": "negotiator", + "cves": [ + "CVE-2016-10539" + ], + "vulnerable_versions": "<= 0.6.0", + "patched_versions": ">= 0.6.1", + "overview": "Affected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n", + "recommendation": "Update to version 0.6.1 or later.", + "references": "", + "access": "public", + "severity": "moderate", + "cwe": "CWE-400", + "metadata": { + "module_type": "Network.Library", + "exploitability": 6, + "affected_components": "Internal::Code::Function::acceptsLanguages()" + }, + "url": "https://nodesecurity.io/advisories/106" + }, + "107": { + "findings": [ + { + "version": "0.5.3", + "paths": [ + "express>accepts>negotiator" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 107, + "created": "2016-05-04T16:34:12.000Z", + "updated": "2018-04-17T12:58:40.142Z", + "deleted": null, + "title": "2222Regular Expression Denial of Service Different Title", + "found_by": { + "name": "Adam Baldwin" + }, + "reported_by": { + "name": "Adam 
Baldwin" + }, + "module_name": "negotiator", + "cves": [ + "CVE-2019-10321" + ], + "vulnerable_versions": "<= 0.6.0", + "patched_versions": ">= 0.6.1", + "overview": "Affected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header value.\n\n", + "recommendation": "Update to version 0.6.1 or later.", + "references": "", + "access": "public", + "severity": "high", + "cwe": "CWE-300", + "metadata": { + "module_type": "Network.Library", + "exploitability": 6, + "affected_components": "Internal::Code::Function::acceptsLanguages()" + }, + "url": "https://nodesecurity.io/advisories/107" + }, + "521": { + "findings": [ + { + "version": "5.1.0", + "paths": [ + "pg-promise>pg" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 521, + "created": "2017-08-13T04:26:17.960Z", + "updated": "2018-04-08T22:40:41.503Z", + "deleted": null, + "title": "Remote Code Execution Different Title", + "found_by": { + "name": "Sehrope Sarkuni" + }, + "reported_by": { + "name": "Sehrope Sarkuni" + }, + "module_name": "pg", + "cves": [ + "CVE-2017-16082" + ], + "vulnerable_versions": "< 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2", + "patched_versions": ">= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2", + "overview": "Affected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
The application executes unsafe, user-supplied sql which contains malicious column names.\n2. The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof of Concept\n```\nconst { Client } = require('pg')\nconst client = new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\'/*\", 2 AS \"\\\\'*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```", + "recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )", + "references": "[Node Postgres: Code Execution Vulnerability Announcement](https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability)", + "access": "public", + "severity": "high", + "cwe": "CWE-94", + "metadata": { + "module_type": "Network.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://nodesecurity.io/advisories/521" + }, + "526": { + "findings": [ + { + "version": "0.3.0", + "paths": [ + "express>fresh", + "express>send>fresh", + "express>serve-static>send>fresh", + "serve-favicon>fresh" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 526, + "created": "2017-09-08T20:23:54.164Z", + "updated": "2018-04-09T00:15:21.807Z", + "deleted": null, + "title": "Regular Expression Denial of Service Different Title", + "found_by": { + "name": "Cristian-Alexandru Staicu" + }, + "reported_by": { + "name": "Cristian-Alexandru Staicu" + }, + "module_name": "fresh", + "cves": [ + "CVE-2017-16119" + ], + "vulnerable_versions": "< 0.5.2", + "patched_versions": ">= 
0.5.2", + "overview": "Affected versions of `fresh` are vulnerable to regular expression denial of service when parsing specially crafted user input.", + "recommendation": "Update to version 0.5.2 or later.", + "references": "", + "access": "public", + "severity": "moderate", + "cwe": "CWE-400", + "metadata": { + "module_type": "Multi.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://nodesecurity.io/advisories/526" + }, + "522": { + "findings": [ + { + "version": "5.1.0", + "paths": [ + "pg-promise>pg" + ], + "dev": false, + "optional": false, + "bundled": false + } + ], + "id": 522, + "created": "2017-08-13T04:26:17.960Z", + "updated": "2018-04-08T22:40:41.503Z", + "deleted": null, + "title": "2222Remote Code Execution Different Title", + "found_by": { + "name": "Sehrope Sarkuni" + }, + "reported_by": { + "name": "Sehrope Sarkuni" + }, + "module_name": "pg", + "cves": [ + "CVE-2019-16082" + ], + "vulnerable_versions": "< 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2", + "patched_versions": ">= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2", + "overview": "Affected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. The application executes unsafe, user-supplied sql which contains malicious column names.\n2. 
The application connects to an untrusted database and executes a query returning results which contain a malicious column name.\n\n## Proof of Concept\n```\nconst { Client } = require('pg')\nconst client = new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\'/*\", 2 AS \"\\\\'*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```", + "recommendation": "* Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )", + "references": "[Node Postgres: Code Execution Vulnerability Announcement](https://node-postgres.com/announcements#2017-08-12-code-execution-vulnerability)", + "access": "public", + "severity": "moderate", + "cwe": "CWE-94", + "metadata": { + "module_type": "Network.Library", + "exploitability": 5, + "affected_components": "" + }, + "url": "https://nodesecurity.io/advisories/522" + } + }, + "muted": [], + "metadata": { + "vulnerabilities": { + "info": 0, + "low": 7, + "moderate": 2, + "high": 6, + "critical": 0 + }, + "dependencies": 159, + "devDependencies": 0, + "optionalDependencies": 0, + "totalDependencies": 159 + }, + "runId": "849ed1f1-5dd8-4fda-872a-05cd46957c82" +} \ No newline at end of file diff --git a/unittests/test_jira_import_and_pushing_api.py b/unittests/test_jira_import_and_pushing_api.py index cb22298e7a9..57017442dd1 100644 --- a/unittests/test_jira_import_and_pushing_api.py +++ b/unittests/test_jira_import_and_pushing_api.py @@ -16,6 +16,7 @@ get_unit_tests_path, get_unit_tests_scans_path, toggle_system_setting_boolean, + with_system_setting, ) logger = logging.getLogger(__name__) 
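Review bot: In the new fixture `many_vuln_with_groups_different_titles.json` the summary data no longer matches the advisories it sits next to. `metadata.vulnerabilities` reports 7 low, 2 moderate and 6 high, while the five advisories are three `moderate` and two `high`. `actions[].resolves` still points at ids 534 and 535, which have no advisory entry, and the cloned advisories 107 and 522 are referenced by no action. This is harmless if the NPM Audit parser reads only `advisories` (not visible here), but the severity-threshold tests depend on exactly these severities, so the counts are worth correcting or the file trimming to what the test needs. The cloned entries also carry edited CVE ids (`CVE-2019-10321`, `CVE-2019-16082`) on the unchanged `negotiator` and `pg` text; an obviously synthetic identifier would avoid attributing these advisories to ids that may belong to unrelated issues.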
@@ -69,11 +70,14 @@ def setUp(self): self.testuser = User.objects.get(username="admin") self.testuser.usercontactinfo.block_execution = True self.testuser.usercontactinfo.save() + token = Token.objects.get(user=self.testuser) self.client = APIClient() self.client.credentials(HTTP_AUTHORIZATION="Token " + token.key) self.zap_sample5_filename = get_unit_tests_scans_path("zap") / "5_zap_sample_one.xml" self.npm_groups_sample_filename = get_unit_tests_scans_path("npm_audit") / "many_vuln_with_groups.json" + self.npm_groups_sample_filename2 = get_unit_tests_scans_path("npm_audit") / "many_vuln_with_groups_different_titles.json" + self.clair_few_findings = get_unit_tests_scans_path("clair") / "clair_few_vuln.json" self.client.force_login(self.get_test_admin()) def test_import_no_push_to_jira(self): 
@@ -106,6 +110,29 @@ def test_import_with_groups_push_to_jira(self): # by asserting full cassette is played we know issues have been updated in JIRA self.assert_cassette_played() + @with_system_setting("jira_minimum_severity", "Critical") + def test_import_with_groups_push_to_jira_minimum_critical(self): + # No Critical findings in report, so expect no groups to be pushed + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + # all findings should be in a group, so no JIRA issues for individual findings + self.assert_jira_issue_count_in_test(test_id, 0) + self.assert_jira_group_issue_count_in_test(test_id, 0) + # by asserting full cassette is played we know issues have been updated in JIRA + self.assert_cassette_played() + + @with_system_setting("jira_minimum_severity", "High") + def test_import_with_groups_push_to_jira_minimum_high(self): + # 7 findings, 5 unique component_name+component_version + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + # all findings should be in a group, so no JIRA issues for individual findings + self.assert_jira_issue_count_in_test(test_id, 0) + # fresh library has only medium findings, so only 2 instead of 3 groups expected + self.assert_jira_group_issue_count_in_test(test_id, 2) + # by asserting full cassette is played we know issues have been updated in JIRA + self.assert_cassette_played() + def test_import_with_push_to_jira_epic_as_issue_type(self): jira_instance = JIRA_Instance.objects.get(id=2) # we choose issue type Epic and test if it can be created successfully. 
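Review bot: The comments in `test_import_with_groups_push_to_jira_minimum_critical` were copied from the test above and contradict what the test asserts. Here nothing is expected to reach JIRA, yet the comments say "all findings should be in a group, so no JIRA issues for individual findings" and "we know issues have been updated in JIRA". Suggested replacements are `# no finding meets the Critical minimum, so neither finding issues nor group issues are created` and `# full cassette played: only the expected JIRA calls were made`. In `..._minimum_high`, "7 findings, 5 unique component_name+component_version" followed by "only 2 instead of 3 groups" leaves the step from 5 to 3 unexplained. A one-line comment naming which groups stay below the threshold would make this filter test checkable against the fixture.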
@@ -382,43 +409,61 @@ def test_create_edit_update_finding(self): finding_id = findings["results"][0]["id"] - # logger.debug('finding_id: %s', finding_id) - # use existing finding as template, but change some fields to make it not a duplicate finding_details = self.get_finding_api(finding_id) del finding_details["id"] del finding_details["push_to_jira"] - finding_details["title"] = "jira api test 1" - self.post_new_finding_api(finding_details) - self.assert_jira_issue_count_in_test(test_id, 0) - self.assert_jira_group_issue_count_in_test(test_id, 0) - - finding_details["title"] = "jira api test 2" - self.post_new_finding_api(finding_details, push_to_jira=True) - self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 0) - - finding_details["title"] = "jira api test 3" - new_finding_json = self.post_new_finding_api(finding_details) - self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 0) - - self.patch_finding_api(new_finding_json["id"], {"push_to_jira": False}) - self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 0) - self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) - self.assert_jira_issue_count_in_test(test_id, 2) - self.assert_jira_group_issue_count_in_test(test_id, 0) - pre_jira_status = self.get_jira_issue_status(new_finding_json["id"]) - - self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True, - "is_mitigated": True, - "active": False}) - self.assert_jira_issue_count_in_test(test_id, 2) - self.assert_jira_group_issue_count_in_test(test_id, 0) - post_jira_status = self.get_jira_issue_status(new_finding_json["id"]) - self.assertNotEqual(pre_jira_status, post_jira_status) + with self.subTest("New finding, no push to jira should not create a new issue"): + finding_details["title"] = "jira api test 1" + self.post_new_finding_api(finding_details) + 
self.assert_jira_issue_count_in_test(test_id, 0) + self.assert_jira_group_issue_count_in_test(test_id, 0) + + with self.subTest("New finding, push to jira should create a new issue"): + finding_details["title"] = "jira api test 2" + self.post_new_finding_api(finding_details, push_to_jira=True) + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 0) + + with self.subTest("New finding, no push to jira should not create a new issue"): + finding_details["title"] = "jira api test 3" + new_finding_json = self.post_new_finding_api(finding_details) + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 0) + + with self.subTest("Updating this new finding without push to jira should not create a new issue"): + self.patch_finding_api(new_finding_json["id"], {"push_to_jira": False}) + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 0) + + with self.subTest("Updating this new finding with push to jira should create a new issue"): + self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) + self.assert_jira_issue_count_in_test(test_id, 2) + self.assert_jira_group_issue_count_in_test(test_id, 0) + + # Only Finding Groups will have their priority synced on updates. 
+ # For Findings we resepect any priority change made in JIRA + # https://github.com/DefectDojo/django-DefectDojo/pull/9571 and https://github.com/DefectDojo/django-DefectDojo/pull/12475 + with self.subTest("Changing priority of a finding should NOT be reflected in JIRA"): + pre_jira_priority = self.get_jira_issue_priority(new_finding_json["id"]) + self.patch_finding_api(new_finding_json["id"], {"severity": "Medium"}) + self.assert_jira_issue_count_in_test(test_id, 2) + self.assert_jira_group_issue_count_in_test(test_id, 0) + post_jira_priority = self.get_jira_issue_priority(new_finding_json["id"]) + self.assertEqual(pre_jira_priority, post_jira_priority) + + with self.subTest("Mitigating this finding should result in a status change in JIRA"): + pre_jira_status = self.get_jira_issue_status(new_finding_json["id"]) + self.assertEqual("Backlog", pre_jira_status.name) + + self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True, + "is_mitigated": True, + "active": False}) + self.assert_jira_issue_count_in_test(test_id, 2) + self.assert_jira_group_issue_count_in_test(test_id, 0) + post_jira_status = self.get_jira_issue_status(new_finding_json["id"]) + self.assertEqual("Done", post_jira_status.name) finding_details["title"] = "jira api test 4" new_finding_json = self.post_new_finding_api(finding_details) 
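Review bot: The subTest "Changing priority of a finding should NOT be reflected in JIRA" patches only `{"severity": "Medium"}`, with no `push_to_jira`. Unless the test setup pushes every update (not visible in this hunk), no request reaches JIRA, so `assertEqual(pre_jira_priority, post_jira_priority)` passes whether or not priority sync is actually suppressed for single findings. Sending `{"severity": "Medium", "push_to_jira": True}`, as the group test does, would exercise the rule the comment describes; the recorded cassette would presumably need re-recording. Separately, the sub-tests are not independent, since later ones read `new_finding_json` set in an earlier one. The label "New finding, no push to jira should not create a new issue" is used twice, and the comment has the typo "resepect". `test_create_edit_update_finding` starts before and continues after this hunk.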
@@ -449,80 +494,127 @@ def test_groups_create_edit_update_finding(self): self.assertEqual(len(findings["results"]), 2) - finding_details = self.get_finding_api(findings["results"][0]["id"]) - finding_group_id = findings["results"][0]["finding_groups"][0]["id"] + with self.subTest("Pushing a finding with in a group should result in the group issue being pushed"): + finding_details = self.get_finding_api(findings["results"][0]["id"]) + finding_group_id = findings["results"][0]["finding_groups"][0]["id"] + + del finding_details["id"] + del finding_details["push_to_jira"] + + # push a finding should result in pushing the group instead + self.patch_finding_api(findings["results"][0]["id"], {"push_to_jira": True, "verified": True}) + + self.assert_jira_issue_count_in_test(test_id, 0) + self.assert_jira_group_issue_count_in_test(test_id, 1) + + post_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) + self.assertEqual("Backlog", post_jira_status.name) + + with self.subTest("Pushing a different finding with in a group should result in the group issue being pushed and not a new issue being created"): + # push second finding from the same group should not result in a new jira issue + self.patch_finding_api(findings["results"][1]["id"], {"push_to_jira": True}) + self.assert_jira_issue_count_in_test(test_id, 0) + self.assert_jira_group_issue_count_in_test(test_id, 1) - del finding_details["id"] - del finding_details["push_to_jira"] + post_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) + self.assertEqual("Backlog", post_jira_status.name) - # push a finding should result in pushing the group instead - self.patch_finding_api(findings["results"][0]["id"], {"push_to_jira": True}) + with self.subTest("Changing severity of findings in the group to Medium should result in the group issue priority being updated"): + pre_jira_priority = self.get_jira_issue_priority(findings["results"][0]["id"]) + self.assertEqual("High", 
pre_jira_priority.name) - self.assert_jira_issue_count_in_test(test_id, 0) - self.assert_jira_group_issue_count_in_test(test_id, 1) - - # push second finding from the same group should not result in a new jira issue + # change only 1 to medium, the other one remains high + self.patch_finding_api(findings["results"][0]["id"], {"severity": "Medium", "push_to_jira": True}) + post_jira_priority = self.get_jira_issue_priority(findings["results"][0]["id"]) + self.assertEqual("High", post_jira_priority.name) - self.patch_finding_api(findings["results"][1]["id"], {"push_to_jira": True}) - self.assert_jira_issue_count_in_test(test_id, 0) - self.assert_jira_group_issue_count_in_test(test_id, 1) + # both are Medium now + self.patch_finding_api(findings["results"][1]["id"], {"severity": "Medium", "push_to_jira": True}) + post_jira_priority = self.get_jira_issue_priority(findings["results"][1]["id"]) + self.assertEqual("Medium", post_jira_priority.name) - pre_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) - # close both findings - self.patch_finding_api(findings["results"][0]["id"], {"active": False, "is_mitigated": True, "push_to_jira": True}) - self.patch_finding_api(findings["results"][1]["id"], {"active": False, "is_mitigated": True, "push_to_jira": True}) + # revert to not mess up the following tests + self.patch_finding_api(findings["results"][0]["id"], {"severity": "High", "push_to_jira": True}) + post_jira_priority = self.get_jira_issue_priority(findings["results"][1]["id"]) + self.assertEqual("High", post_jira_priority.name) - post_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) - # both findings inactive -> should update status in JIRA - self.assertNotEqual(pre_jira_status, post_jira_status) + with self.subTest("Closing all findings in the group should result in the group issue being closed and priority being updated"): + pre_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) + pre_jira_priority = 
self.get_jira_issue_priority(findings["results"][0]["id"]) + self.assertEqual("High", pre_jira_priority.name) + self.assertEqual("Backlog", pre_jira_status.name) - # new finding, not pushed to JIRA. no new issue, still 1 group issue + # close both findings + self.patch_finding_api(findings["results"][0]["id"], {"active": False, "is_mitigated": True, "push_to_jira": True}) + self.patch_finding_api(findings["results"][1]["id"], {"active": False, "is_mitigated": True, "push_to_jira": True}) - # use existing finding as template, but change some fields to make it not a duplicate - self.get_finding_api(findings["results"][0]["id"]) + post_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) + post_jira_priority = self.get_jira_issue_priority(findings["results"][0]["id"]) + self.assertEqual("Lowest", post_jira_priority.name) + self.assertEqual("Done", post_jira_status.name) - finding_details["title"] = "jira api test 1" - self.post_new_finding_api(finding_details) - self.assert_jira_issue_count_in_test(test_id, 0) - self.assert_jira_group_issue_count_in_test(test_id, 1) + with self.subTest("Updating group findings to have no active findings above threshold should result in the group issue being set to the lowest priority and remain inactive"): + # reopen 1 finding, but make it below the threshold + self.patch_finding_api(findings["results"][0]["id"], {"active": True, "is_mitigated": False, "severity": "Info", "push_to_jira": True}) - # another new finding, pushed to JIRA - # same component_name, but not yet in a group, so finding pushed to JIRA + post_jira_status = self.get_jira_issue_status(findings["results"][0]["id"]) + post_jira_priority = self.get_jira_issue_priority(findings["results"][0]["id"]) + self.assertEqual("Lowest", post_jira_priority.name) + self.assertEqual("Done", post_jira_status.name) - finding_details["title"] = "jira api test 2" - new_finding_json = self.post_new_finding_api(finding_details, push_to_jira=True) - 
self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 1) + # reopen the other finding + self.patch_finding_api(findings["results"][1]["id"], {"active": True, "is_mitigated": False, "severity": "Medium", "push_to_jira": True}) + post_jira_status = self.get_jira_issue_status(findings["results"][1]["id"]) + post_jira_priority = self.get_jira_issue_priority(findings["results"][1]["id"]) + self.assertEqual("Medium", post_jira_priority.name) + self.assertEqual("Backlog", post_jira_status.name) - # no way to set finding group easily via API yet - Finding_Group.objects.get(id=finding_group_id).findings.add(Finding.objects.get(id=new_finding_json["id"])) + with self.subTest("Opening a finding without push_to_jira should not result in a new issue being created"): + # new finding, not pushed to JIRA + # use existing finding as template, but change some fields to make it not a duplicate + self.get_finding_api(findings["results"][0]["id"]) - self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) + finding_details["title"] = "jira api test 1" + self.post_new_finding_api(finding_details) + self.assert_jira_issue_count_in_test(test_id, 0) + self.assert_jira_group_issue_count_in_test(test_id, 1) - self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 1) + with self.subTest("Opening a finding in the same group without push_to_jira should not result in a new issue being created"): + # another new finding, pushed to JIRA + # same component_name, but not yet in a group, so finding pushed to JIRA - # another new finding, pushed to JIRA, different component_name / different group + finding_details["title"] = "jira api test 2" + new_finding_json = self.post_new_finding_api(finding_details, push_to_jira=True) + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 1) - finding_details["title"] = "jira api test 3" - 
finding_details["component_name"] = "pg" - # post without pushing to JIRA - new_finding_json = self.post_new_finding_api(finding_details) - self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 1) + # no way to set finding group easily via API yet + Finding_Group.objects.get(id=finding_group_id).findings.add(Finding.objects.get(id=new_finding_json["id"])) - findings = self.get_test_findings_api(test_id, component_name="pg") + self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) - finding_group_id = findings["results"][0]["finding_groups"][0]["id"] + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 1) - # no way to set finding group easily via API yet - Finding_Group.objects.get(id=finding_group_id).findings.add(Finding.objects.get(id=new_finding_json["id"])) + with self.subTest("Opening a finding with different fields resulting in a diffrent group should result in a new group issue being created"): + # another new finding, pushed to JIRA, different component_name / different group + finding_details["title"] = "jira api test 3" + finding_details["component_name"] = "pg" + new_finding_json = self.post_new_finding_api(finding_details) + self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 1) - # now pushing to JIRA should result a new group issue - self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) + findings = self.get_test_findings_api(test_id, component_name="pg") - self.assert_jira_issue_count_in_test(test_id, 1) - self.assert_jira_group_issue_count_in_test(test_id, 2) + finding_group_id = findings["results"][0]["finding_groups"][0]["id"] + + # no way to set finding group easily via API yet + Finding_Group.objects.get(id=finding_group_id).findings.add(Finding.objects.get(id=new_finding_json["id"])) + + self.patch_finding_api(new_finding_json["id"], {"push_to_jira": True}) + + 
self.assert_jira_issue_count_in_test(test_id, 1) + self.assert_jira_group_issue_count_in_test(test_id, 2) self.assert_cassette_played() 
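Review bot: The subTest labelled "Opening a finding in the same group without push_to_jira should not result in a new issue being created" does the opposite of its label. It posts with `push_to_jira=True` and asserts the individual issue count rises to 1, and only afterwards adds the finding to the group and pushes again. A label such as `"New finding not yet in a group, pushed to JIRA, creates an individual issue; pushing again after adding it to the group creates no further issue"` would match the body. The "revert to not mess up the following tests" step restores only `findings["results"][0]` to High and leaves the second finding at Medium. That is presumably enough because the group priority follows the highest severity, but the comment should say so. `finding_details` and `finding_group_id` are assigned inside the first subTest and reused by later ones, so a failure there surfaces as unrelated errors further down. The test method begins outside this hunk.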
@@ -626,36 +718,58 @@ def test_import_with_push_to_jira_update_tags(self): @toggle_system_setting_boolean("enforce_verified_status", True) # noqa: FBT003 @toggle_system_setting_boolean("enforce_verified_status_jira", True) # noqa: FBT003 + @with_system_setting("jira_minimum_severity", "Low") def test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true(self): import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=False) test_id = import0["test"] # This scan file has two active findings, so we should not push either of them self.assert_jira_issue_count_in_test(test_id, 0) + + # Verfied findings should be pushed, different scan to avoid dedupe interference + import0 = self.import_scan_with_params(self.clair_few_findings, scan_type="Clair Scan", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_issue_count_in_test(test_id, 4) + # by asserting full cassette is played we know all calls to JIRA have been made as expected self.assert_cassette_played() @toggle_system_setting_boolean("enforce_verified_status", True) # noqa: FBT003 @toggle_system_setting_boolean("enforce_verified_status_jira", False) # noqa: FBT003 + @with_system_setting("jira_minimum_severity", "Low") def test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false(self): import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=False) test_id = import0["test"] # This scan file has two active findings, so we should not push either of them self.assert_jira_issue_count_in_test(test_id, 0) + + # Verfied findings should be pushed, different scan to avoid dedupe interference + import0 = self.import_scan_with_params(self.clair_few_findings, scan_type="Clair Scan", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_issue_count_in_test(test_id, 4) # by asserting full cassette is played we know 
all calls to JIRA have been made as expected + self.assert_cassette_played() @toggle_system_setting_boolean("enforce_verified_status", False) # noqa: FBT003 @toggle_system_setting_boolean("enforce_verified_status_jira", True) # noqa: FBT003 + @with_system_setting("jira_minimum_severity", "Low") def test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true(self): import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=False) test_id = import0["test"] # This scan file has two active findings, so we should not push either of them self.assert_jira_issue_count_in_test(test_id, 0) + + # Verfied findings should be pushed, different scan to avoid dedupe interference + import0 = self.import_scan_with_params(self.clair_few_findings, scan_type="Clair Scan", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_issue_count_in_test(test_id, 4) + # by asserting full cassette is played we know all calls to JIRA have been made as expected self.assert_cassette_played() @toggle_system_setting_boolean("enforce_verified_status", False) # noqa: FBT003 @toggle_system_setting_boolean("enforce_verified_status_jira", False) # noqa: FBT003 + @with_system_setting("jira_minimum_severity", "Low") def test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false(self): import0 = self.import_scan_with_params(self.zap_sample5_filename, push_to_jira=True, verified=False) test_id = import0["test"] 
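Review bot: The expected count `4` in the three added `clair_few_findings` blocks is unexplained. It depends on both the fixture contents and the `jira_minimum_severity` value of "Low" set by the new decorator. A comment such as `# clair_few_vuln.json: <N> findings, 4 of them at or above the Low minimum severity` (with the real number filled in from the fixture) would let a reader tell a threshold regression from a fixture change. The test names still say `not_verified` although each now also covers the verified path, and the added comment misspells "Verified" as "Verfied" in all three places. The fourth test in this hunk only gains the decorator; its body continues past the end of the hunk.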
@@ -664,6 +778,61 @@ def test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_ # by asserting full cassette is played we know all calls to JIRA have been made as expected self.assert_cassette_played() + @toggle_system_setting_boolean("enforce_verified_status", True) # noqa: FBT003 + @toggle_system_setting_boolean("enforce_verified_status_jira", True) # noqa: FBT003 + def test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true(self): + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=False) + test_id = import0["test"] + # No verified findings, means no groups pushed to JIRA + self.assert_jira_group_issue_count_in_test(test_id, 0) + + import0 = self.import_scan_with_params(self.npm_groups_sample_filename2, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_group_issue_count_in_test(test_id, 3) + + # by asserting full cassette is played we know all calls to JIRA have been made as expected + self.assert_cassette_played() + + @toggle_system_setting_boolean("enforce_verified_status", True) # noqa: FBT003 + @toggle_system_setting_boolean("enforce_verified_status_jira", False) # noqa: FBT003 + def test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false(self): + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=False) + test_id = import0["test"] + # No verified findings, means no groups pushed to JIRA + self.assert_jira_group_issue_count_in_test(test_id, 0) + + import0 = self.import_scan_with_params(self.npm_groups_sample_filename2, scan_type="NPM Audit Scan", 
group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_group_issue_count_in_test(test_id, 3) + # by asserting full cassette is played we know all calls to JIRA have been made as expected + + self.assert_cassette_played() + + @toggle_system_setting_boolean("enforce_verified_status", False) # noqa: FBT003 + @toggle_system_setting_boolean("enforce_verified_status_jira", True) # noqa: FBT003 + def test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true(self): + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=False) + test_id = import0["test"] + # No verified findings, means no groups pushed to JIRA + self.assert_jira_group_issue_count_in_test(test_id, 0) + + import0 = self.import_scan_with_params(self.npm_groups_sample_filename2, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_group_issue_count_in_test(test_id, 3) + + # by asserting full cassette is played we know all calls to JIRA have been made as expected + self.assert_cassette_played() + + @toggle_system_setting_boolean("enforce_verified_status", False) # noqa: FBT003 + @toggle_system_setting_boolean("enforce_verified_status_jira", False) # noqa: FBT003 + @with_system_setting("jira_minimum_severity", "Low") + def test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false(self): + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_group_issue_count_in_test(test_id, 3) + # by asserting full cassette is played we know all calls to JIRA have 
been made as expected + self.assert_cassette_played() + def test_engagement_epic_creation(self): eng = self.get_engagement(3) # Set epic_mapping to true diff --git a/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml b/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml index 6ab33f2393d..16ec8f023de 100644 --- a/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml +++ b/unittests/vcr/jira/JIRAConfigEngagementEpicTest.test_add_engagement_with_jira_project_and_epic_mapping.yaml @@ -22,7 +22,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - engagement_added X-DefectDojo-Instance: @@ -36,10 +36,10 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"702\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"engagement_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:34022\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \"10.250.1.6:43268\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \ \"data\": \"{\\\"description\\\": \\\"Event engagement_added has occurred.\\\", \\\"title\\\": \\\"Engagement created for \\\\\\\"Python How-to\\\\\\\": new engagement\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/7\\\", @@ -70,7 +70,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:23:42 GMT + - Sat, 24 May 2025 11:12:34 GMT Transfer-Encoding: - chunked status: 
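Review bot: `test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false` imports with `verified=True`, so despite its name it never exercises unverified findings with both enforcement settings off. Its non-group counterpart in the previous hunk imports with `verified=False`; to match it this test would pass `verified=False` to `import_scan_with_params`, after which the cassette would need re-recording and the expected count re-checked. It is also the only one of the four new group tests decorated with `@with_system_setting("jira_minimum_severity", "Low")`, so the other three presumably run against whatever minimum severity the fixture provides while asserting the same 3 groups. Adding the decorator to all four, or a comment such as `# minimum severity lowered so all groups in the sample qualify` where it is really needed, would make the intent clear.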
@@ -95,12 +95,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:42.478+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T13:12:37.200+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 6af19709-e928-4ec7-9500-a6bcf64a94d4 + - 0dd7e40b-266b-4eb5-b222-55a277300b9b Atl-Traceid: - - 6af19709e9284ec79500a6bcf64a94d4 + - 0dd7e40b266b4eb5b22255a277300b9b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -110,7 +110,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:42 GMT + - Sat, 24 May 2025 11:12:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -120,7 +120,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=399,atl-edge;dur=316,atl-edge-internal;dur=14,atl-edge-upstream;dur=302,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Kd0c8DMTzurmrrMBZ5YAL7WlVVSbQZZxOEdT5hMhO2Bk2XdYK3ItRA==",cdn-downstream-fbl;dur=403 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=261,atl-edge;dur=231,atl-edge-internal;dur=26,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="eBRgWybWmybUa6JZ7xRsFtGlMuJxmykwc92BvPEJU6RPlL_rIbA_Tg==",cdn-downstream-fbl;dur=264 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -130,15 +130,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5b8f26c7595104a396342213c43d8b98.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Kd0c8DMTzurmrrMBZ5YAL7WlVVSbQZZxOEdT5hMhO2Bk2XdYK3ItRA== + - eBRgWybWmybUa6JZ7xRsFtGlMuJxmykwc92BvPEJU6RPlL_rIbA_Tg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 8ec8683265d84b3dc1da60445ee79828 + - 794a3271f1161036f83c1302143339e2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -176,9 +176,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 0f03dd41-a463-46e5-bb94-ab4949b45e85 + - 87d1a762-4a82-4550-8823-087b2e80c0cb Atl-Traceid: - - 0f03dd41a46346e5bb94ab4949b45e85 + - 87d1a7624a8245508823087b2e80c0cb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -188,7 +188,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:43 GMT + - Sat, 24 May 2025 11:12:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -198,7 +198,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="M_3oZdIgh3rGOfLfMy6TpK5Y-oP1XKWWQUOQwHOiOxdI0X8mxQJuPw==",cdn-downstream-fbl;dur=447,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=444,atl-edge;dur=355,atl-edge-internal;dur=17,atl-edge-upstream;dur=338,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=353,atl-edge;dur=326,atl-edge-internal;dur=16,atl-edge-upstream;dur=310,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4ubtVou5-YE9OCBal-MwZZotMPEZkK2AnOvj7klM7ymZJKDPi_QHkw==",cdn-downstream-fbl;dur=357 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -208,18 +208,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 36e36df999d8d13e1e708941d33a5866.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - M_3oZdIgh3rGOfLfMy6TpK5Y-oP1XKWWQUOQwHOiOxdI0X8mxQJuPw== + - 4ubtVou5-YE9OCBal-MwZZotMPEZkK2AnOvj7klM7ymZJKDPi_QHkw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - c98a8df1e27f386dd155e374408dd339 + - c658610d7cac7bb80469553e0a0ecb56 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -248,12 +248,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:43.402+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T13:12:38.042+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c7b97827-1755-4de6-aa7a-507289d22131 + - 1c0663ce-4dfb-47db-9c93-7d523bf3e22e Atl-Traceid: - - c7b9782717554de6aa7a507289d22131 + - 1c0663ce4dfb47db9c937d523bf3e22e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -263,7 +263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:43 GMT + - Sat, 24 May 2025 11:12:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -273,7 +273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="dKisb8BoI_Mt_XbGepch_aZp21wttgb_-AWR47klCYCAKG-78tc2Tw==",cdn-downstream-fbl;dur=233,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=230,atl-edge;dur=152,atl-edge-internal;dur=15,atl-edge-upstream;dur=138,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=135,atl-edge;dur=106,atl-edge-internal;dur=21,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7h-YkWjGY4VuA04WLJmlsBTXWr40KMUAXQLscSLcK0pPGZ1gMc15bg==",cdn-downstream-fbl;dur=138 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -283,15 +283,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e61f6cd3dfbf1a805c935627b416490e.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - dKisb8BoI_Mt_XbGepch_aZp21wttgb_-AWR47klCYCAKG-78tc2Tw== + - 7h-YkWjGY4VuA04WLJmlsBTXWr40KMUAXQLscSLcK0pPGZ1gMc15bg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6608d2f06d9a1abf8d69bd0184ab0d2b + - f568cb2b92ae3e67301301a399b33284 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -332,9 +332,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 71778293-41e4-43a2-bba0-62ca40c1905e + - 243545da-38e6-445b-9bc4-6852668732c0 Atl-Traceid: - - 7177829341e443a2bba062ca40c1905e + - 243545da38e6445b9bc46852668732c0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -344,7 +344,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:43 GMT + - Sat, 24 May 2025 11:12:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -354,7 +354,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="kCRrafBXnH6Ao4668Di4X-zfuIIyiISUqNG4uefJlDrU77hgIVTdqg==",cdn-downstream-fbl;dur=333,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=331,atl-edge;dur=256,atl-edge-internal;dur=18,atl-edge-upstream;dur=238,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=309,atl-edge;dur=283,atl-edge-internal;dur=18,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="r_7DzKI4OfBWuLO88PmDt-4aA_8HB3SQ2w0XC-JT3B-frUaCwDjSiQ==",cdn-downstream-fbl;dur=316 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -364,18 +364,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f82a4020c8fc9b14a403737c65661074.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - kCRrafBXnH6Ao4668Di4X-zfuIIyiISUqNG4uefJlDrU77hgIVTdqg== + - r_7DzKI4OfBWuLO88PmDt-4aA_8HB3SQ2w0XC-JT3B-frUaCwDjSiQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 02e0063e85db7de3f693f95ab9029c67 + - bd33846f4370f41122522c96447399ac X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -407,12 +407,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18155","key":"NTEST-1830","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18155"}' + string: '{"id":"19723","key":"NTEST-3051","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19723"}' headers: Atl-Request-Id: - - 05e1afff-12a9-450e-b9de-fcf7259a4a72 + - 259909c3-c9e0-4e8e-a13f-fd9b42c4389c Atl-Traceid: - - 05e1afff12a9450eb9defcf7259a4a72 + - 259909c3c9e04e8ea13ffd9b42c4389c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -420,7 +420,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:45 GMT + - Sat, 24 May 2025 11:12:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -430,7 +430,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="b0UAhMmguWyTv95Evp4KyvPQj5Sg93v_CZeDN5OvPpQgZTLydN-68g==",cdn-downstream-fbl;dur=873,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=870,atl-edge;dur=786,atl-edge-internal;dur=15,atl-edge-upstream;dur=771,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=782,atl-edge;dur=755,atl-edge-internal;dur=15,atl-edge-upstream;dur=740,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dwSzNonci8rWeWeFqtdSj7gpJ91hIJ4zetj-DCoQh9-rRnMXoqHy0w==",cdn-downstream-fbl;dur=787 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -440,15 +440,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c1388c9ad241eb02cd4ddbe69b1a2d34.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - b0UAhMmguWyTv95Evp4KyvPQj5Sg93v_CZeDN5OvPpQgZTLydN-68g== + - dwSzNonci8rWeWeFqtdSj7gpJ91hIJ4zetj-DCoQh9-rRnMXoqHy0w== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - c7c28b6474367809d0f45d2201d8a6eb + - f2a2bde24f661546063557f5bf3e0329 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -474,26 +474,26 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1830 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3051 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18155","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18155","key":"NTEST-1830","fields":{"statuscategorychangedate":"2025-04-30T18:23:44.992+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19723","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19723","key":"NTEST-3051","fields":{"statuscategorychangedate":"2025-05-24T13:12:39.255+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1830/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:23:44.633+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"teal","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sx3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:44.761+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3051/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T13:12:38.881+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"dark_orange","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010t3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T13:12:38.978+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"new engagement","customfield_10010":null,"customfield_10055":null,"customfield_10011":"new engagement","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - 
Do","id":"10016"},"customfield_10013":"ghx-label-11","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"new - engagement","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1830/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18155/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-14","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"new + engagement","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3051/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19723/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
5f0659c7-5b3c-4bc2-8bf5-053a88006161 + - 153adc78-ae28-43fb-b5df-94537f61552c Atl-Traceid: - - 5f0659c75b3c4bc28bf5053a88006161 + - 153adc78ae2843fbb5df94537f61552c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -503,7 +503,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:45 GMT + - Sat, 24 May 2025 11:12:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -513,7 +513,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="V7l25GXPxmIUA1lRT2C2YBKpySbfjWDak_CEAv9wxZFUMrH0OSDm-g==",cdn-downstream-fbl;dur=358,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=356,atl-edge;dur=272,atl-edge-internal;dur=19,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=270,atl-edge;dur=242,atl-edge-internal;dur=16,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="LgP7shD9NLLXvGaAyO7RfVDyzKxpcykBxirQEfYPb_Hn5rlqq-ktgQ==",cdn-downstream-fbl;dur=274 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -523,15 +523,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bd02c4a72f88f2bbd693051675941962.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - V7l25GXPxmIUA1lRT2C2YBKpySbfjWDak_CEAv9wxZFUMrH0OSDm-g== + - LgP7shD9NLLXvGaAyO7RfVDyzKxpcykBxirQEfYPb_Hn5rlqq-ktgQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 8ec2bc5269a95ba5dfa77a91fbd97e91 + - 6a88d520c9bacfcea87c024105867824 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml index 556ca0905d3..f41129899a4 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_create_edit_update_finding.yaml @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: @@ -38,9 +38,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"838\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:34024\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:58144\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:23:46 GMT + - Sat, 24 May 2025 10:30:54 GMT Transfer-Encoding: - chunked status: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,9 +127,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1310\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:34026\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:58146\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": @@ -180,7 +180,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:23:46 GMT + - Sat, 24 May 2025 10:30:54 GMT Transfer-Encoding: - chunked status: 
@@ -205,12 +205,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:46.724+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:30:56.778+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 96ebd2aa-f3d6-471f-909f-443199eb8e81 + - 01a17fb4-4cfd-43e9-9acf-58b633179033 Atl-Traceid: - - 96ebd2aaf3d6471f909f443199eb8e81 + - 01a17fb44cfd43e99acf58b633179033 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -220,7 +220,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:46 GMT + - Sat, 24 May 2025 10:30:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -230,7 +230,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=288,atl-edge;dur=160,atl-edge-internal;dur=16,atl-edge-upstream;dur=145,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Q-qP-AHAgvFOCA_S0eFIZGmKfAYg4AlgT94smSdF9DrRr35SkEgwyw==",cdn-downstream-fbl;dur=291 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=188,atl-edge;dur=160,atl-edge-internal;dur=15,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kFtp58_zdYUKylXHxxMq8-1ZY1OaOMLAK8FpMfvH2FOZPbTPRT-gLA==",cdn-downstream-fbl;dur=192 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -240,15 +240,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Q-qP-AHAgvFOCA_S0eFIZGmKfAYg4AlgT94smSdF9DrRr35SkEgwyw== + - kFtp58_zdYUKylXHxxMq8-1ZY1OaOMLAK8FpMfvH2FOZPbTPRT-gLA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1f41bb813e740faff8aff3cb09113484 + - 7c3fdc94839f2c54ed59fe23addf2833 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -286,9 +286,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 0a8417c8-7279-40a6-9cee-2896bc3640b2 + - e131c2dd-ccf8-4ad1-8f09-684b2a46d0c6 Atl-Traceid: - - 0a8417c8727940a69cee2896bc3640b2 + - e131c2ddccf84ad18f09684b2a46d0c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -298,7 +298,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:47 GMT + - Sat, 24 May 2025 10:30:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -308,7 +308,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="6jgpDU6wZCWK_5DWGVhSgO6GSJPEZVE5vShc5m4MXWDBAYJzbud8-g==",cdn-downstream-fbl;dur=365,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=362,atl-edge;dur=276,atl-edge-internal;dur=15,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=317,atl-edge-internal;dur=17,atl-edge-upstream;dur=300,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="i_pNYguk9eS4rWzGHR7XpFvSgAOPobEBVyKFccuCSkrd7Ix9tujuGw==",cdn-downstream-fbl;dur=330 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -318,18 +318,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 40867fef594010a8d9ec2cb0a5cb2350.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6jgpDU6wZCWK_5DWGVhSgO6GSJPEZVE5vShc5m4MXWDBAYJzbud8-g== + - i_pNYguk9eS4rWzGHR7XpFvSgAOPobEBVyKFccuCSkrd7Ix9tujuGw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 7146018f99c9137897c570af605b6201 + - 280c313541719be8500d54f93ca5fb4a X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -343,7 +343,7 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/235]\n\n*Defect Dojo link:* http://localhost:8080/finding/235 - (235)\n\n*Severity:* Low\n\n\n*Due Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + (235)\n\n*Severity:* Low\n\n\n*Due Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe @@ -362,7 +362,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1190' + - '1191' Content-Type: - application/json User-Agent: 
@@ -371,12 +371,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18157","key":"NTEST-1831","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18157"}' + string: '{"id":"19628","key":"NTEST-2956","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19628"}' headers: Atl-Request-Id: - - 359e64f2-a512-491a-8883-37b5b40efa65 + - a41c8d52-ec2d-41c3-b27c-6905835d9e21 Atl-Traceid: - - 359e64f2a512491a888337b5b40efa65 + - a41c8d52ec2d41c3b27c6905835d9e21 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -384,7 +384,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:48 GMT + - Sat, 24 May 2025 10:30:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -394,7 +394,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="RDmo3H_adebdHM-lb0Hg2sYMEY4iVAOWKfYzwrn4rfDoEhMYjieRZQ==",cdn-downstream-fbl;dur=844,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=98,cdn-upstream-fbl;dur=841,atl-edge;dur=709,atl-edge-internal;dur=15,atl-edge-upstream;dur=695,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=716,atl-edge;dur=708,atl-edge-internal;dur=34,atl-edge-upstream;dur=674,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="b9B6i0V5y6_TOLGB61Pc98B7_7iBeYV4d_ln9rOy10i011jDcCXxPQ==",cdn-downstream-fbl;dur=720 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -404,15 +404,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RDmo3H_adebdHM-lb0Hg2sYMEY4iVAOWKfYzwrn4rfDoEhMYjieRZQ== + - b9B6i0V5y6_TOLGB61Pc98B7_7iBeYV4d_ln9rOy10i011jDcCXxPQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 79abb4b717c4395071d791355b987dd2 + - 5980e49e4b32987ccedd32f71ed2ea56 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,17 +438,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1831 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2956 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18157","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18157","key":"NTEST-1831","fields":{"statuscategorychangedate":"2025-04-30T18:23:48.080+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19628","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19628","key":"NTEST-2956","fields":{"statuscategorychangedate":"2025-05-24T12:30:57.930+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1831/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:47.768+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:47.872+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2956/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:57.621+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0107z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:57.701+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/235]\n\n*Defect Dojo link:* http://localhost:8080/finding/235 (235)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -457,14 +457,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1831/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18157/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2956/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19628/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 038992ce-9f30-4c8d-82bb-2ad6f4ab6c8d + - 3f85ec65-ead7-4186-806c-4792628dca7e Atl-Traceid: - - 038992ce9f304c8d82bb2ad6f4ab6c8d + - 3f85ec65ead74186806c4792628dca7e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -474,7 +474,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:48 GMT + - Sat, 24 May 2025 10:30:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
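Review bot: The re-recorded response body in this hunk commits a maintainer's `emailAddress`, `accountId` and `displayName`, plus the Gravatar hash in `avatarUrls`, for both `creator` and `reporter`. The same values recur in the hunk at -547,14, and the account id appears in every `X-Aaccountid` response header of this cassette. The webhook echo earlier in the file shows the Authorization value masked as `Token xxx`, so request headers appear to be scrubbed at record time, but response bodies and headers are not. Consider masking these fields when recording, for example with a vcrpy `before_record_response` hook that replaces `emailAddress` and `accountId` with placeholders. The recorder configuration is not visible in this diff, so confirm where the hook belongs and that no test asserts on these values.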
@@ -484,7 +484,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=517,atl-edge;dur=388,atl-edge-internal;dur=18,atl-edge-upstream;dur=370,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="v4zZUY95r4HFbuYneM_3vPZsYRJjQ_4wAio89ociI3y4SvEv05NS7Q==",cdn-downstream-fbl;dur=522 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=252,atl-edge;dur=224,atl-edge-internal;dur=18,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="9IaWy00Ve7qSNjwjcb3pHEOhLmUrKJPhCXZM9BhZofh9KfiP0cgR4Q==",cdn-downstream-fbl;dur=256 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -494,15 +494,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - v4zZUY95r4HFbuYneM_3vPZsYRJjQ_4wAio89ociI3y4SvEv05NS7Q== + - 9IaWy00Ve7qSNjwjcb3pHEOhLmUrKJPhCXZM9BhZofh9KfiP0cgR4Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1730874687ad03bbd9fd21854fa93814 + - d4427840f034ce12d038cafc6320ef8f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -528,17 +528,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18157 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19628 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18157","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18157","key":"NTEST-1831","fields":{"statuscategorychangedate":"2025-04-30T18:23:48.080+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19628","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19628","key":"NTEST-2956","fields":{"statuscategorychangedate":"2025-05-24T12:30:57.930+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1831/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:47.768+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:47.872+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2956/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:57.621+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0107z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:57.701+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/235]\n\n*Defect Dojo link:* http://localhost:8080/finding/235 (235)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -547,14 +547,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1831/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18157/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2956/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19628/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2565d373-862e-440b-ae8d-da80cae6214f + - bb97bbb0-9ef4-41c6-8c7f-7a5d9c1de634 Atl-Traceid: - - 2565d373862e440bae8dda80cae6214f + - bb97bbb09ef441c68c7f7a5d9c1de634 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -564,7 +564,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:49 GMT + - Sat, 24 May 2025 10:30:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
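Review bot: The re-recorded response body in the @@ -547 hunk commits a maintainer's real `emailAddress`, Atlassian `accountId` and Gravatar hash to the fixture. The same account id recurs in the `X-Aaccountid` response-header hunks (@@ -584, @@ -656, @@ -734, @@ -820, @@ -910) and in the @@ -873 body. If this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook could drop `X-Aaccountid` and replace the `emailAddress`/`accountId`/`avatarUrls` values with fixed placeholders before the response is written. Personal account data would then stay out of the repository, and re-recording under a different account would stop rewriting these lines. The recorded interaction this hunk belongs to starts and ends outside the hunk.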
@@ -574,7 +574,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="URf9JlTZwVXl-_8fxg7OuCAxEWC91kIGXxKyLtY6AKtUX-L4nwJw8g==",cdn-downstream-fbl;dur=400,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=95,cdn-upstream-fbl;dur=397,atl-edge;dur=270,atl-edge-internal;dur=18,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="9dlcZRV18aaxElW64i-Cv2SkANwQguLWl48PaRN4yuxK1Lc-xarsTw==",cdn-downstream-fbl;dur=263,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=261,atl-edge;dur=235,atl-edge-internal;dur=16,atl-edge-upstream;dur=218,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -584,15 +584,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - URf9JlTZwVXl-_8fxg7OuCAxEWC91kIGXxKyLtY6AKtUX-L4nwJw8g== + - 9dlcZRV18aaxElW64i-Cv2SkANwQguLWl48PaRN4yuxK1Lc-xarsTw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f641f6dae978f5880b4509854f6d1763 + - d7f6d25633bc0779b25c15ec79970863 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -621,12 +621,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:49.941+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:30:59.078+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 80bb533c-3dfc-4959-b6c8-2fe6491f744c + - 7146e336-0ef9-47c6-9b54-2259747e3a10 Atl-Traceid: - - 80bb533c3dfc4959b6c82fe6491f744c + - 7146e3360ef947c69b542259747e3a10 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -636,7 +636,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:49 GMT + - Sat, 24 May 2025 10:30:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -646,7 +646,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="eRDa8jszcNv9GBXtQwv1VbD96U9ha8W4VvZ1pH1wOxexCBIdqPsR-w==",cdn-downstream-fbl;dur=302,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=97,cdn-upstream-fbl;dur=299,atl-edge;dur=165,atl-edge-internal;dur=18,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="j1A3m8No59DFmiF_WsGYzECzvvCyEV9SPlAp3wvmL13LMRxWF7mToA==",cdn-downstream-fbl;dur=138,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=136,atl-edge;dur=106,atl-edge-internal;dur=17,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -656,15 +656,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - eRDa8jszcNv9GBXtQwv1VbD96U9ha8W4VvZ1pH1wOxexCBIdqPsR-w== + - j1A3m8No59DFmiF_WsGYzECzvvCyEV9SPlAp3wvmL13LMRxWF7mToA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ae46b4c87036ed92b65aa373618902d4 + - 7bdc19fe178f6e56cdbe6da5a0ad378c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -702,9 +702,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3875504f-163b-48e4-8795-32e35683dfa1 + - 2f2aef7a-db59-4373-9799-75e43ce61b31 Atl-Traceid: - - 3875504f163b48e4879532e35683dfa1 + - 2f2aef7adb594373979975e43ce61b31 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -714,7 +714,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:50 GMT + - Sat, 24 May 2025 10:30:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -724,7 +724,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="fie3rXSD9GuNg3_CulBgqCgbrRzV88Pz9Jl0pUJ-5MrO1_iiDHEvAQ==",cdn-downstream-fbl;dur=410,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=408,atl-edge;dur=323,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=254,atl-edge;dur=246,atl-edge-internal;dur=16,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wQENX-L1RDJB5zXcsusYyVV2noY2MaN2N7AU1_hwlxcczfnycd8_ow==",cdn-downstream-fbl;dur=257 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -734,18 +734,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3cab2977109e9e185607e6a3005951e0.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fie3rXSD9GuNg3_CulBgqCgbrRzV88Pz9Jl0pUJ-5MrO1_iiDHEvAQ== + - wQENX-L1RDJB5zXcsusYyVV2noY2MaN2N7AU1_hwlxcczfnycd8_ow== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 8f82990c0f4b8d0717100f8cab9b350c + - d0bc383912235a151bb7fc80a6762675 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -759,7 +759,7 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 3", "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 - (236)\n\n*Severity:* Low\n\n\n*Due Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + (236)\n\n*Severity:* Low\n\n\n*Due Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe @@ -778,7 +778,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1190' + - '1191' Content-Type: - application/json User-Agent: 
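Review bot: The recorded request body in the @@ -759 hunk embeds `*Due Date:* Sept. 21, 2025`, so the request depends on the wall clock at record time. The date moved from Aug. 28 by the same interval as the recording date, and `Content-Length` in @@ -778 changes from 1190 to 1191 as a result. If the cassette matcher ever compares request bodies, playback would presumably stop matching once the computed date shifts. Pinning the clock in the test, or giving the fixture finding a fixed due date, would keep the recording stable across re-records. The same date also appears in the response bodies of the neighbouring GET hunks.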
@@ -787,12 +787,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18159","key":"NTEST-1832","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159"}' + string: '{"id":"19629","key":"NTEST-2957","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629"}' headers: Atl-Request-Id: - - 53d80a72-0728-4136-a9be-c61ac9a29101 + - 8cf4a5b8-8b31-4b5c-814d-15a85b408c1d Atl-Traceid: - - 53d80a7207284136a9bec61ac9a29101 + - 8cf4a5b88b314b5c814d15a85b408c1d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -800,7 +800,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:51 GMT + - Sat, 24 May 2025 10:31:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -810,7 +810,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=817,atl-edge;dur=690,atl-edge-internal;dur=16,atl-edge-upstream;dur=673,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="aNy_k1TepuD992apdXK-jkBJR9TtmcH1rGv7YRv7Y1T41eiFG0QHRg==",cdn-downstream-fbl;dur=821 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=780,atl-edge;dur=754,atl-edge-internal;dur=15,atl-edge-upstream;dur=739,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZgadyYAmi24VWYIatB45z48HXGgkDJ4vpGHeuHiaEDKJPFfxGNkbjw==",cdn-downstream-fbl;dur=783 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -820,15 +820,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - aNy_k1TepuD992apdXK-jkBJR9TtmcH1rGv7YRv7Y1T41eiFG0QHRg== + - ZgadyYAmi24VWYIatB45z48HXGgkDJ4vpGHeuHiaEDKJPFfxGNkbjw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 0df92f866bb3b1a6339a5ce88d9ba5df + - 688fc75b60b66bca838c89ea75c0b0b4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -854,17 +854,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18159","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159","key":"NTEST-1832","fields":{"statuscategorychangedate":"2025-04-30T18:23:51.540+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:51.255+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:51.338+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:59.896+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -873,14 +873,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 39705df9-cd05-49ef-b2e5-78c6f65bb839 + - 06a958a7-5ed2-4dfe-9b48-5249ecc46675 Atl-Traceid: - - 39705df9cd0549efb2e578c6f65bb839 + - 06a958a75ed24dfe9b485249ecc46675 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -890,7 +890,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:52 GMT + - Sat, 24 May 2025 10:31:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -900,7 +900,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=413,atl-edge;dur=286,atl-edge-internal;dur=17,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="l9R2x3dKxnjfuqw1UTfmrBUU5g8ZcS8GfUBrvkVenHl_Jc9-B22mZg==",cdn-downstream-fbl;dur=416 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=226,atl-edge;dur=200,atl-edge-internal;dur=17,atl-edge-upstream;dur=183,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="laH4adopiPlMVp-56s_9-KLLxPedLKg479_2sLg4BAo4hJD0FfvP1g==",cdn-downstream-fbl;dur=231 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -910,15 +910,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - l9R2x3dKxnjfuqw1UTfmrBUU5g8ZcS8GfUBrvkVenHl_Jc9-B22mZg== + - laH4adopiPlMVp-56s_9-KLLxPedLKg479_2sLg4BAo4hJD0FfvP1g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 155b34752b0ce19b083a1cbab3700d3a + - fbfa92fed7974980261f8fdb3283025f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -944,17 +944,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18159 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18159","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159","key":"NTEST-1832","fields":{"statuscategorychangedate":"2025-04-30T18:23:51.540+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:51.255+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:51.338+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:59.896+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -963,14 +963,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a637266f-e145-48c0-973c-275e6ecd553a + - 78af0210-e2f6-471d-9673-5d383c86f4f5 Atl-Traceid: - - a637266fe14548c0973c275e6ecd553a + - 78af0210e2f6471d96735d383c86f4f5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -980,7 +980,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:52 GMT + - Sat, 24 May 2025 10:31:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -990,7 +990,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=318,atl-edge;dur=285,atl-edge-internal;dur=15,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="RWY2b5xZRIVEY2ORoueQ7fAXlSLyD2FObJ1F9NIVI0jfbp-MPxY-vA==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=257,atl-edge;dur=250,atl-edge-internal;dur=16,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xjngTvebLmpqNCdCejeSc281glgAHE_ZQTmqbIb8X5q_L07kOZQ-rQ==",cdn-downstream-fbl;dur=263 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1000,15 +1000,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RWY2b5xZRIVEY2ORoueQ7fAXlSLyD2FObJ1F9NIVI0jfbp-MPxY-vA== + - xjngTvebLmpqNCdCejeSc281glgAHE_ZQTmqbIb8X5q_L07kOZQ-rQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 824fb8a1b6fda208caab991bb226f23c + - 0a09c33d5479c8aecf5a0a370cb042dc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1037,12 +1037,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:53.078+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:01.165+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - be5baa6a-2a6c-4b44-b224-3ab4966b1815 + - 0e3fcaaa-4fb1-471b-987c-d80a068ab826 Atl-Traceid: - - be5baa6a2a6c4b44b2243ab4966b1815 + - 0e3fcaaa4fb1471b987cd80a068ab826 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1052,7 +1052,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:53 GMT + - Sat, 24 May 2025 10:31:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1062,7 +1062,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="q2JcJofduVzwhHNgc7ksFnxJGNgKu2n_jlUPBjyw0Fu4Mj3msbSL5g==",cdn-downstream-fbl;dur=254,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=251,atl-edge;dur=167,atl-edge-internal;dur=13,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xZr5_3oKFpT7YmGeZs5OLezIfpe8pZUVZScWmFIDOfZEFt4YOmry8g==",cdn-downstream-fbl;dur=141,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=139,atl-edge;dur=112,atl-edge-internal;dur=15,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1072,15 +1072,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c80d7d73c19744418338fdf12216d306.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - q2JcJofduVzwhHNgc7ksFnxJGNgKu2n_jlUPBjyw0Fu4Mj3msbSL5g== + - xZr5_3oKFpT7YmGeZs5OLezIfpe8pZUVZScWmFIDOfZEFt4YOmry8g== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - a5aad0b948364700b71f7650bdd80d22 + - 59fde365665791c01fb6671b032b86ca X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1106,17 +1106,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18159 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18159","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159","key":"NTEST-1832","fields":{"statuscategorychangedate":"2025-04-30T18:23:51.540+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:51.255+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:51.338+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:59.896+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -1125,14 +1125,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 6b670f7b-3509-4169-aefd-0eca51fc4c76 + - 7ad5c8fa-f5ed-43cc-aa05-fc0cd0b4f819 Atl-Traceid: - - 6b670f7b35094169aefd0eca51fc4c76 + - 7ad5c8faf5ed43ccaa05fc0cd0b4f819 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1142,7 +1142,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:53 GMT + - Sat, 24 May 2025 10:31:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1152,7 +1152,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=340,atl-edge;dur=252,atl-edge-internal;dur=17,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="vVpQ3QFQQDdtZhUM4hBQ0EkGU7kHp2q4ZSanq1WCZLySskOM9FAG8A==",cdn-downstream-fbl;dur=344 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=301,atl-edge;dur=272,atl-edge-internal;dur=17,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="aP54kH4sqG7lLaylMAsezOxpvdk6kjgj2XffE3ZIyZa3fsHtwKGV_w==",cdn-downstream-fbl;dur=305 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1162,15 +1162,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vVpQ3QFQQDdtZhUM4hBQ0EkGU7kHp2q4ZSanq1WCZLySskOM9FAG8A== + - aP54kH4sqG7lLaylMAsezOxpvdk6kjgj2XffE3ZIyZa3fsHtwKGV_w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 629dee93735f6ec03acb2dd48399b43d + - b6622f968226569ac08cc007e4266d1a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1199,12 +1199,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:53.951+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:01.861+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 9855d93e-5b0d-4dbe-8a1e-8016178d0966 + - d11b0b7d-3d58-4ab4-9aaf-4ef8c5dd4ee6 Atl-Traceid: - - 9855d93e5b0d4dbe8a1e8016178d0966 + - d11b0b7d3d584ab49aaf4ef8c5dd4ee6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1214,7 +1214,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:53 GMT + - Sat, 24 May 2025 10:31:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1224,7 +1224,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=273,atl-edge;dur=143,atl-edge-internal;dur=15,atl-edge-upstream;dur=128,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="16Qf7AgGwEHa6EAaWtdqEsnPQIARc818Ti-YMiv8Z5EMs1NYAlAQuA==",cdn-downstream-fbl;dur=276 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=143,atl-edge;dur=115,atl-edge-internal;dur=14,atl-edge-upstream;dur=101,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="USnW88OxDKKgbUFHEfRGPbPhwDxgc0EghnCzln0Nhecwu1EztQalEQ==",cdn-downstream-fbl;dur=148 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1234,15 +1234,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c31337642f54c5bd34bb485701d02e8a.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 16Qf7AgGwEHa6EAaWtdqEsnPQIARc818Ti-YMiv8Z5EMs1NYAlAQuA== + - USnW88OxDKKgbUFHEfRGPbPhwDxgc0EghnCzln0Nhecwu1EztQalEQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - dcb7d0ae868cbb87086643b459a1ed46 + - 9d64415fb12922d0cc961ed47e1ea36c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1268,17 +1268,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18159 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18159","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159","key":"NTEST-1832","fields":{"statuscategorychangedate":"2025-04-30T18:23:51.540+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:51.255+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:51.338+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:59.896+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -1287,14 +1287,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8913cb8b-9aa5-4f6b-be45-a391f9ed4e0c + - 29565722-e1f4-462a-b4d9-cde268137d35 Atl-Traceid: - - 8913cb8b9aa54f6bbe45a391f9ed4e0c + - 29565722e1f4462ab4d9cde268137d35 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1304,7 +1304,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:54 GMT + - Sat, 24 May 2025 10:31:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
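Review bot: The re-recorded issue response in the `@@ -1287,14 +1287,14 @@` hunk commits a real person's `emailAddress`, `displayName`, `accountId` and gravatar hash in the `creator` and `reporter` objects. The `X-Aaccountid` response header in the neighbouring header hunks repeats the same account id. The request headers shown carry no credentials, so header filtering appears to be in place, but the response bodies and response headers are stored as received. If this is a vcrpy cassette, as the layout suggests, a `before_record_response` hook could rewrite those fields to constructed placeholders before the cassette is written, for example `"emailAddress":"jira-test@example.invalid"` and a fixed dummy `accountId`. The interactions added by the `@@ -1324,15 +1324,339 @@` hunk repeat the same body and would need the same scrubbing. That hunk continues past the visible lines.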
@@ -1314,7 +1314,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=257,atl-edge;dur=224,atl-edge-internal;dur=17,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Ne95likRpMWRaa_AgMpJ7ZDuOSn3g4lfeAc4DL53cfgrP2iyM1yoGQ==",cdn-downstream-fbl;dur=261 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=274,atl-edge;dur=246,atl-edge-internal;dur=21,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="clPdOdBjRN4LY1SAiSK8Q9Vr8kIKK17UQm81YAVmqujskhiGgksTKw==",cdn-downstream-fbl;dur=278 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1324,15 +1324,339 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Ne95likRpMWRaa_AgMpJ7ZDuOSn3g4lfeAc4DL53cfgrP2iyM1yoGQ== + - clPdOdBjRN4LY1SAiSK8Q9Vr8kIKK17UQm81YAVmqujskhiGgksTKw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 61c883a9f07172cddd18711c47f6437e + - d8c4ddc94eb58c49f56b252bbbb7fc03 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:02.413+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 736b3909-9100-4517-ac8a-45ceaa020484 + Atl-Traceid: + - 736b390991004517ac8a45ceaa020484 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:31:02 GMT + Nel: + - '{"failure_fraction": 0.001, 
"include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=109,atl-edge-internal;dur=19,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Aj-L-pB_fpLLAIdRYbkJn4FakCRFsS8tSyTbNEiXYmWLN9mHyGqkHw==",cdn-downstream-fbl;dur=121 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Aj-L-pB_fpLLAIdRYbkJn4FakCRFsS8tSyTbNEiXYmWLN9mHyGqkHw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d6330c14a311f876b99b537132138e7b + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:59.896+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* + http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* + Sept. 
21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. Ensure that the secure\nflag is set + for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 78f37659-2e2a-479c-8486-a77b8d249976 + Atl-Traceid: + - 78f376592e2a479c8486a77b8d249976 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:31:02 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=268,atl-edge;dur=241,atl-edge-internal;dur=14,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7RTCVZuH-RRqnft86DrFcBTNB1eyjmiq-UjTDl-WY9V4cYY37OG-XQ==",cdn-downstream-fbl;dur=272 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; 
preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 7RTCVZuH-RRqnft86DrFcBTNB1eyjmiq-UjTDl-WY9V4cYY37OG-XQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - acebff256866380cdce19a298f88bc9e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:03.046+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - b741ad42-4d90-4cee-b397-cfdc5b63b779 + Atl-Traceid: + - b741ad424d904ceeb397cfdc5b63b779 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:31:03 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + 
"endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=142,atl-edge;dur=114,atl-edge-internal;dur=17,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uQ5XydSRgYXF963c8sXe5aAILyPnaH5kKIab1pi9a4Bs6b2K0RBemA==",cdn-downstream-fbl;dur=147 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - uQ5XydSRgYXF963c8sXe5aAILyPnaH5kKIab1pi9a4Bs6b2K0RBemA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - e91faa0e47f1b51af0db029e9856b51c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
+ Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:30:59.896+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* + http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA + cookie has been set without the secure flag, which means that the cookie can\nbe + accessed via unencrypted connections.\n\n\n*Mitigation*:\nWhenever a cookie + contains sensitive information or is a session token, then\nit should always + be passed using an encrypted channel. 
Ensure that the secure\nflag is set + for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira + Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
002b8bd2-3627-403a-8071-a27a0c51b0dc + Atl-Traceid: + - 002b8bd23627403a8071a27a0c51b0dc + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:31:03 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=259,atl-edge;dur=231,atl-edge-internal;dur=14,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xnNVwf5ZpbN7QdbZHhnHI_CjDCg0EhpQEHBR2mgEIoJAwoSpex1Oaw==",cdn-downstream-fbl;dur=262 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - xnNVwf5ZpbN7QdbZHhnHI_CjDCg0EhpQEHBR2mgEIoJAwoSpex1Oaw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - ae604e532f4474fc1dcfae737ad97e0d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,9 +1694,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 6f344ea6-a6e7-472e-b3b1-10f3dd2ba492 + - 39e2fb89-6be1-4d14-b5ab-4f5a8831dda7 Atl-Traceid: - - 6f344ea6a6e7472eb3b110f3dd2ba492 + - 39e2fb896be14d14b5ab4f5a8831dda7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1382,7 +1706,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:54 GMT + - Sat, 24 May 2025 10:31:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1392,7 +1716,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=309,atl-edge;dur=276,atl-edge-internal;dur=15,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="oyJ9Oas0GwZLph86ZVRkzhRx4EMvS3ASWr1DqxFIhAoRkBQK3esmog==",cdn-downstream-fbl;dur=313 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=277,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xrFWTEp5rN_RoRj7tDicQfRJacabGqVU2EjQp04iVbARRAza-d5Uwg==",cdn-downstream-fbl;dur=282 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1402,18 +1726,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oyJ9Oas0GwZLph86ZVRkzhRx4EMvS3ASWr1DqxFIhAoRkBQK3esmog== + - xrFWTEp5rN_RoRj7tDicQfRJacabGqVU2EjQp04iVbARRAza-d5Uwg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e24ffacf1181fc666c8ba9496010bd46 + - 1a1693cdcdfd415866fcd24e9f68d0e7 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1427,7 +1751,7 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 3", "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* http://localhost:8080/finding/236 - (236)\n\n*Severity:* Low\n\n\n*Due Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + (236)\n\n*Severity:* Medium\n\n\n*Due Date:* Aug. 22, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -1446,21 +1770,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1175' + - '1178' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18159 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 response: body: string: '' headers: Atl-Request-Id: - - 899f5682-d564-4e5d-8622-e861072fcbfe + - dd59fb1b-0efb-41aa-a94b-cc59dda4e579 Atl-Traceid: - - 899f5682d5644e5d8622e861072fcbfe + - dd59fb1b0efb41aaa94bcc59dda4e579 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1468,7 +1792,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:55 GMT + - Sat, 24 May 2025 10:31:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1478,7 +1802,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=419,atl-edge;dur=292,atl-edge-internal;dur=29,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="zpfA-IKkbvRDztZqk8CxSTxa6XEVZgu1BHMzjY2XxXqQOMSCdDjW6A==",cdn-downstream-fbl;dur=423 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=524,atl-edge;dur=496,atl-edge-internal;dur=20,atl-edge-upstream;dur=477,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="txaIN1IjO8rGt1l-a6yzBaeikOIRu_CrjSXSGHvKH9bflEz9o4vCcQ==",cdn-downstream-fbl;dur=530 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1486,15 +1810,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zpfA-IKkbvRDztZqk8CxSTxa6XEVZgu1BHMzjY2XxXqQOMSCdDjW6A== + - txaIN1IjO8rGt1l-a6yzBaeikOIRu_CrjSXSGHvKH9bflEz9o4vCcQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a19c456879264d7fe538facffa3699a8 + - 91b22067a079e374bb2a96e2b13bf30a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1520,17 +1844,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18159 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18159","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159","key":"NTEST-1832","fields":{"statuscategorychangedate":"2025-04-30T18:23:51.540+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:00.181+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:51.255+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:51.338+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:04.092+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* - http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + http://localhost:8080/finding/236 (236)\n\n*Severity:* Medium\n\n\n*Due Date:* + Aug. 22, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -1539,14 +1863,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1aeb0f23-25e6-4261-beef-4ff008e7bba1 + - 68caa6fe-c10f-44de-9dbc-aa58d53089aa Atl-Traceid: - - 1aeb0f2325e64261beef4ff008e7bba1 + - 68caa6fec10f44de9dbcaa58d53089aa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1556,7 +1880,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:55 GMT + - Sat, 24 May 2025 10:31:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
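Review bot: The re-recorded response body in this hunk commits the recording maintainer's `emailAddress`, `displayName`, `accountId` and Gravatar hash to the repository. The `X-Aaccountid` response header repeats the same account id in the other hunks of this cassette. The test code is outside this view, so it is only an inference that the assertions do not depend on these fields. If the cassette is recorded with vcrpy, a `before_record_response` hook could replace them with fixed placeholders at record time, for example `"emailAddress":"user@example.invalid"` and `X-Aaccountid: - REDACTED`. That would keep personal identifiers out of the fixture and remove much of the churn each time a different account re-records it. The request headers shown here carry no Authorization value, so credentials appear to be filtered already; the same treatment for response-side identifiers would complete it.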
@@ -1566,7 +1890,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="uNegs_rC469E6yAFJIJLp6SyA-SlzLg9VTeuDaAx9f4ifb4xEy5PQQ==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=360,atl-edge;dur=274,atl-edge-internal;dur=22,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=249,atl-edge;dur=241,atl-edge-internal;dur=19,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xc1btOZmtSJ0MTTy1-f-UGyJs6DNN3P0PiqNI_YN6dJ1M01-JxRJhg==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1576,15 +1900,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bbfdc39b99d2b072cca90c3f38450aea.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - uNegs_rC469E6yAFJIJLp6SyA-SlzLg9VTeuDaAx9f4ifb4xEy5PQQ== + - xc1btOZmtSJ0MTTy1-f-UGyJs6DNN3P0PiqNI_YN6dJ1M01-JxRJhg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 530ab790904d35be9b94d94a76f9f774 + - daa97361d6e0580ce835b33d399276d3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1612,15 +1936,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/transitions response: body: string: '' headers: Atl-Request-Id: - - 1efa2b32-7305-4707-9da8-f80209c07a3d + - 5793780e-5304-4273-a1c2-85d1bf18fb63 Atl-Traceid: - - 1efa2b32730547079da8f80209c07a3d + - 5793780e53044273a1c285d1bf18fb63 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1628,7 +1952,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:56 GMT + - Sat, 24 May 2025 10:31:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1638,7 +1962,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=639,atl-edge;dur=606,atl-edge-internal;dur=16,atl-edge-upstream;dur=590,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="PYnRDmeuSf3kzL5il-2F8bQM04akewsDr3FGEEONSKdkuk6-BkgJHA==",cdn-downstream-fbl;dur=643 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dVPqEHt7DTOwCnupKpKqOatZUBMXpFBR4jV5qjXWldQk42NSXO9J4A==",cdn-downstream-fbl;dur=523,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=521,atl-edge;dur=492,atl-edge-internal;dur=16,atl-edge-upstream;dur=476,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1646,15 +1970,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - PYnRDmeuSf3kzL5il-2F8bQM04akewsDr3FGEEONSKdkuk6-BkgJHA== + - dVPqEHt7DTOwCnupKpKqOatZUBMXpFBR4jV5qjXWldQk42NSXO9J4A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d1f2754f07d01d9271f5950ebe0714fc + - 216ae2d9a34ba6d16dea195c02c6733b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1683,12 +2007,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:56.812+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:05.478+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b86d5c10-8e64-4d7b-8827-c7f1d218407f + - e0d7d195-6502-4730-9624-c6697156e719 Atl-Traceid: - - b86d5c108e644d7b8827c7f1d218407f + - e0d7d195650247309624c6697156e719 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1698,7 +2022,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:56 GMT + - Sat, 24 May 2025 10:31:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1708,7 +2032,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=168,atl-edge-internal;dur=18,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="N8BidY2nIeijgdJXEeqAMlDSKyC__C2lgAPLK05TaXUE6yWyC-yp1w==",cdn-downstream-fbl;dur=205 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=14,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="XXl4vhvEfjLp1DWMZH3glSAiYi0ZH9mS98fTGrp2La07CcS6F0Ugqg==",cdn-downstream-fbl;dur=112 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1718,15 +2042,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - N8BidY2nIeijgdJXEeqAMlDSKyC__C2lgAPLK05TaXUE6yWyC-yp1w== + - XXl4vhvEfjLp1DWMZH3glSAiYi0ZH9mS98fTGrp2La07CcS6F0Ugqg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 508cb38f388a769052d44c686dbd626c + - 97da9d8bd6e32134d325a8b89269231e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1752,16 +2076,16 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18159 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19629 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18159","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159","key":"NTEST-1832","fields":{"statuscategorychangedate":"2025-04-30T18:23:56.152+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19629","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629","key":"NTEST-2957","fields":{"statuscategorychangedate":"2025-05-24T12:31:04.996+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:23:56.128+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:51.255+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_4897_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:56.152+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:31:04.968+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:30:59.795+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_5200_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01087:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:04.995+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 3|http://localhost:8080/finding/236]\n\n*Defect Dojo link:* - http://localhost:8080/finding/236 (236)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + http://localhost:8080/finding/236 (236)\n\n*Severity:* Medium\n\n\n*Due Date:* + Aug. 
22, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -1770,14 +2094,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1832/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18159/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2957/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19629/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1713c299-e55c-4f03-8cb3-2936d4aa75aa + - cc9a9de8-07bf-4aec-8809-2c741413d733 Atl-Traceid: - - 1713c299e55c4f038cb32936d4aa75aa + - cc9a9de807bf4aec88092c741413d733 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1787,7 +2111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:57 GMT + - Sat, 24 May 2025 10:31:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
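Review bot: The re-recorded issue response in this hunk commits the recording user's `emailAddress`, `displayName`, `accountId` and gravatar hash verbatim under both `creator` and `reporter`, and the `X-Aaccountid` response header in the neighbouring hunks repeats the same account id. The fields were already present on the old side, so each re-record simply swaps one person's identifiers for another's in the repository history. I would scrub them at record time, for example with a vcrpy `before_record_response` hook that rewrites these body fields and drops `X-Aaccountid`, so the cassette stores a constructed placeholder such as `"emailAddress":"user@example.invalid"`. Whether the test harness already configures any such filtering is not visible from this diff, so please confirm against the cassette setup.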
@@ -1797,7 +2121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=642,atl-edge;dur=608,atl-edge-internal;dur=15,atl-edge-upstream;dur=593,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="sOoXbvVcjL9O9VjTJVDRKSXYBbDuCuzbUNXlNEj6G-xPerh6JFnY5A==",cdn-downstream-fbl;dur=645 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=263,atl-edge;dur=232,atl-edge-internal;dur=18,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2NJ3jAQ8bz0mh_gMFmK7KJ_zvLgVzdJKkQuo1kBkwBMTXsSHt10zGA==",cdn-downstream-fbl;dur=267 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1807,15 +2131,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - sOoXbvVcjL9O9VjTJVDRKSXYBbDuCuzbUNXlNEj6G-xPerh6JFnY5A== + - 2NJ3jAQ8bz0mh_gMFmK7KJ_zvLgVzdJKkQuo1kBkwBMTXsSHt10zGA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 175363aa17b659914027d2fb5edabc0b + - 3c249c8032e6a4246532443266a028b6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1844,12 +2168,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:23:58.125+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:06.204+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4519ae0c-75ae-459d-a569-94163135ab28 + - a3a51231-2bba-454a-943d-e61d627fa72b Atl-Traceid: - - 4519ae0c75ae459da56994163135ab28 + - a3a512312bba454a943de61d627fa72b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1859,7 +2183,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:58 GMT + - Sat, 24 May 2025 10:31:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1869,7 +2193,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=297,atl-edge;dur=166,atl-edge-internal;dur=17,atl-edge-upstream;dur=152,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="wKh1MqyV-2zXtG6XJ5dE6EM1VcILZHgm3b203B1rQZ-ke1T2Y_Yfdg==",cdn-downstream-fbl;dur=302 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=129,atl-edge;dur=121,atl-edge-internal;dur=15,atl-edge-upstream;dur=107,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TVn6vFdFzwwLMPNjhGcZf8yqwNuL8afHcJJ3xLxYd1KccsqyAByaRQ==",cdn-downstream-fbl;dur=133 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1879,15 +2203,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wKh1MqyV-2zXtG6XJ5dE6EM1VcILZHgm3b203B1rQZ-ke1T2Y_Yfdg== + - TVn6vFdFzwwLMPNjhGcZf8yqwNuL8afHcJJ3xLxYd1KccsqyAByaRQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d0f2bc94a4e1d6f1b848b61e162d214c + - 9aaf0637ed25e6e4e2457600f9959aa0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1925,9 +2249,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 1f695ad4-a578-4dc6-a62c-7e9ea3ecfc5f + - adf21eec-3982-4005-b011-d3f6db9dad4d Atl-Traceid: - - 1f695ad4a5784dc6a62c7e9ea3ecfc5f + - adf21eec39824005b011d3f6db9dad4d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1937,7 +2261,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:58 GMT + - Sat, 24 May 2025 10:31:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1947,7 +2271,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="0fmbjwNAnrkpMLtLpBEiLuopUfGyKFi1ISJqdbKkm56Myw_snY9j2A==",cdn-downstream-fbl;dur=426,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=423,atl-edge;dur=340,atl-edge-internal;dur=21,atl-edge-upstream;dur=319,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=315,atl-edge-internal;dur=21,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_xx1Y6KPtA6MblJRovq23W77F4U29KK1CVvJbccW3sQOJVzZ985qgg==",cdn-downstream-fbl;dur=326 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1957,18 +2281,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 13926aef629bc9518d9ad769185e8c4e.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0fmbjwNAnrkpMLtLpBEiLuopUfGyKFi1ISJqdbKkm56Myw_snY9j2A== + - _xx1Y6KPtA6MblJRovq23W77F4U29KK1CVvJbccW3sQOJVzZ985qgg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - a98a943824a748768b23f6d31f335dd4 + - 67291e2fb05c2782d0041b6a7680a750 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1982,7 +2306,7 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 4", "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 - (237)\n\n*Severity:* Low\n\n\n*Due Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + (237)\n\n*Severity:* Low\n\n\n*Due Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe @@ -2001,7 +2325,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1190' + - '1191' Content-Type: - application/json User-Agent: 
@@ -2010,12 +2334,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18161","key":"NTEST-1833","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161"}' + string: '{"id":"19630","key":"NTEST-2958","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630"}' headers: Atl-Request-Id: - - f65cd2da-817e-4475-a210-1b04505c62e2 + - 22e795c6-3530-48c5-b843-d7ef203732d8 Atl-Traceid: - - f65cd2da817e4475a2101b04505c62e2 + - 22e795c6353048c5b843d7ef203732d8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2023,7 +2347,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:23:59 GMT + - Sat, 24 May 2025 10:31:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2033,7 +2357,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="FwXbMEo9L_ojLAaPqo57AScigLvWeBFSr2noPSp_l4GOCwW5I9VeVg==",cdn-downstream-fbl;dur=710,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=708,atl-edge;dur=621,atl-edge-internal;dur=18,atl-edge-upstream;dur=603,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=743,atl-edge;dur=715,atl-edge-internal;dur=18,atl-edge-upstream;dur=698,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZmeuZLlwEBz_dhAEEurJAfm_LiWXXiUXYua3WY-B1GNpTqU99bkElA==",cdn-downstream-fbl;dur=747 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2043,15 +2367,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f497fa2422d5b3ba3b34ed87ffef89a6.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FwXbMEo9L_ojLAaPqo57AScigLvWeBFSr2noPSp_l4GOCwW5I9VeVg== + - ZmeuZLlwEBz_dhAEEurJAfm_LiWXXiUXYua3WY-B1GNpTqU99bkElA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 1ea9337ee6363ceaf6c7d6ed2fe2ce21 + - 888682e14a931f65d2e135cd7056b151 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2077,17 +2401,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18161","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161","key":"NTEST-1833","fields":{"statuscategorychangedate":"2025-04-30T18:23:59.793+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19630","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630","key":"NTEST-2958","fields":{"statuscategorychangedate":"2025-05-24T12:31:07.362+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:59.521+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:59.596+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:07.058+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:07.141+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 (237)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -2096,14 +2420,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 04569ff1-4327-4b0e-b3e4-add822b28cd7 + - 7b25ab9f-6312-4fc3-bc9e-a18f69b5af51 Atl-Traceid: - - 04569ff143274b0eb3e4add822b28cd7 + - 7b25ab9f63124fc3bc9ea18f69b5af51 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2113,7 +2437,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:00 GMT + - Sat, 24 May 2025 10:31:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
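Review bot: The re-recorded response body in this hunk commits the recording account's `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects, replacing one person's identifiers with another's rather than a neutral placeholder. The same account id is recorded in the `X-Aaccountid` response header in the later header hunks, and in the bodies of the following `GET .../issue/19630` interactions. If this cassette is recorded with vcrpy, a `before_record_response` hook could rewrite those body fields to constructed values such as `"emailAddress":"jira-test@example.invalid"` and drop `X-Aaccountid` before anything is written to disk. Request-side `filter_headers` would not cover these, since they are all in the response. The tests would presumably still replay, as long as nothing asserts on those values, and future re-recordings would stop leaking whichever maintainer's account is used.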
@@ -2123,7 +2447,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="jn0PxAFgM7vRHMOhasMR7mfOhTSMCLD18SOtFhh0p3pys1Gm--BtuQ==",cdn-downstream-fbl;dur=358,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=355,atl-edge;dur=269,atl-edge-internal;dur=15,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=258,atl-edge;dur=231,atl-edge-internal;dur=19,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="52u7QA6REMA2UyLGOFUSwpypLqXJDjgqBapNVLX_kw4m4BTrNVrqIw==",cdn-downstream-fbl;dur=264 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2133,15 +2457,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 452324c4cfd54555e3a2d8c074edaf78.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jn0PxAFgM7vRHMOhasMR7mfOhTSMCLD18SOtFhh0p3pys1Gm--BtuQ== + - 52u7QA6REMA2UyLGOFUSwpypLqXJDjgqBapNVLX_kw4m4BTrNVrqIw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 994c1a8a3806bb189b5d133aa8dbb3dd + - 7fb8b161cb11762dbea861358274b667 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2167,17 +2491,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18161 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19630 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18161","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161","key":"NTEST-1833","fields":{"statuscategorychangedate":"2025-04-30T18:23:59.793+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19630","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630","key":"NTEST-2958","fields":{"statuscategorychangedate":"2025-05-24T12:31:07.362+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:59.521+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:59.596+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:07.058+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:07.141+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 (237)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -2186,14 +2510,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 895877c0-07ae-46aa-aa18-80915f2a9e58 + - a5288ec0-da1c-4fa0-b79c-9a4b19a06878 Atl-Traceid: - - 895877c007ae46aaaa1880915f2a9e58 + - a5288ec0da1c4fa0b79c9a4b19a06878 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2203,7 +2527,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:00 GMT + - Sat, 24 May 2025 10:31:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2213,7 +2537,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="-wHFTXZLJtehiBOe0hvCciIYFvgAdnkibIUBoAufsZdH-mrSH6NlvA==",cdn-downstream-fbl;dur=350,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=348,atl-edge;dur=258,atl-edge-internal;dur=19,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=232,atl-edge-internal;dur=16,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ju6Kntn1CBrmRURPVAja0Y87DxXeMBpHucfxLLL9K1ivCNCD-BTIZw==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2223,15 +2547,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 40867fef594010a8d9ec2cb0a5cb2350.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -wHFTXZLJtehiBOe0hvCciIYFvgAdnkibIUBoAufsZdH-mrSH6NlvA== + - ju6Kntn1CBrmRURPVAja0Y87DxXeMBpHucfxLLL9K1ivCNCD-BTIZw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - f236535d820c725346f063f8dc976e82 + - cf0ed2fff4cfe271ea17e77873dbad17 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2260,12 +2584,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:01.357+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:08.470+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 0fba323d-44cd-4c55-924e-f982158ec593 + - 1a201295-3dec-4850-aa0c-b30f793416f0 Atl-Traceid: - - 0fba323d44cd4c55924ef982158ec593 + - 1a2012953dec4850aa0cb30f793416f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2275,7 +2599,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:01 GMT + - Sat, 24 May 2025 10:31:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2285,7 +2609,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=271,atl-edge;dur=142,atl-edge-internal;dur=14,atl-edge-upstream;dur=128,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="EPe6Ngr_IcVwkC2JrGg5LYu66Gqaa9sGHrPihN3TYQYYmbHauxiqiw==",cdn-downstream-fbl;dur=275 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=146,atl-edge;dur=120,atl-edge-internal;dur=15,atl-edge-upstream;dur=106,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="doWTxdwQNseV0BG15nVHcy6eN92kbKMbnnZ3WtdNyFbFvk4-fk-gaA==",cdn-downstream-fbl;dur=150 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2295,15 +2619,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - EPe6Ngr_IcVwkC2JrGg5LYu66Gqaa9sGHrPihN3TYQYYmbHauxiqiw== + - doWTxdwQNseV0BG15nVHcy6eN92kbKMbnnZ3WtdNyFbFvk4-fk-gaA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 0737a3435c4d762ddf22d94cefd7d8d3 + - cce75cd39e9fc01270b28fd4d0400ee7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2329,17 +2653,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18161 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19630 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18161","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161","key":"NTEST-1833","fields":{"statuscategorychangedate":"2025-04-30T18:23:59.793+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19630","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630","key":"NTEST-2958","fields":{"statuscategorychangedate":"2025-05-24T12:31:07.362+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:59.521+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:59.596+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:07.058+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:07.141+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 (237)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -2348,14 +2672,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 71416e4c-236d-405a-b320-5b0edd609c1b + - d29c9e31-9433-4bee-a3f4-010fca8e64bf Atl-Traceid: - - 71416e4c236d405ab3205b0edd609c1b + - d29c9e3194334beea3f4010fca8e64bf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2365,7 +2689,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:01 GMT + - Sat, 24 May 2025 10:31:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
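Review bot: The re-recorded response body in the `@@ -2348,14 +2672,14 @@` hunk commits the recording user's Atlassian identity to the repository: `emailAddress`, `accountId`, `displayName` and the gravatar hash under both `creator` and `reporter`. The same account id is repeated in the `X-Aaccountid` response header in the `@@ -2385,15 +2709,15 @@` hunk, in the `@@ -2600,14 +2924,14 @@` body, and in the header hunks of `JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml`. The old side carried the previous recorder's details in the same places, so the cassettes do not appear to be scrubbed at record time, though the VCR configuration is not visible here. I would register a vcrpy `before_record_response` hook that rewrites these fields and drops `X-Aaccountid`, for example `response["headers"].pop("X-Aaccountid", None)` plus a substitution of the e-mail and account id with fixed placeholders. That keeps personal identifiers out of fixtures, and it should also shrink the diff on each re-record, since these values change with whoever records.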
@@ -2375,7 +2699,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=424,atl-edge;dur=391,atl-edge-internal;dur=14,atl-edge-upstream;dur=377,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="q2dXXmQv2AmxKhdx4iKK81Fk2QZngc29IIvpPRkGlVCkCjwlS-5cGg==",cdn-downstream-fbl;dur=427 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=208,atl-edge-internal;dur=21,atl-edge-upstream;dur=188,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gqAQI0oRU7-OnCEaNVexejZbZMokuL6pcwnlcH9VNa6WFFYWRM8biw==",cdn-downstream-fbl;dur=219 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2385,15 +2709,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - q2dXXmQv2AmxKhdx4iKK81Fk2QZngc29IIvpPRkGlVCkCjwlS-5cGg== + - gqAQI0oRU7-OnCEaNVexejZbZMokuL6pcwnlcH9VNa6WFFYWRM8biw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 7b934bb098eac300f115e9a1c09b954a + - f97abc114724883cbde267b3cec889d7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2431,9 +2755,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 7b42c8a7-330c-4161-a0c0-311cb7fd128e + - 321a77b0-0c62-4168-bbd7-fb7d0b22d5b0 Atl-Traceid: - - 7b42c8a7330c4161a0c0311cb7fd128e + - 321a77b00c624168bbd7fb7d0b22d5b0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2443,7 +2767,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:02 GMT + - Sat, 24 May 2025 10:31:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2453,7 +2777,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=292,atl-edge-internal;dur=15,atl-edge-upstream;dur=277,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6S78cYP_Oh_i9g3fmuFBg7znp1bgzupRVU-aTeXcFH_QSJLrPIou5w==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=299,atl-edge;dur=272,atl-edge-internal;dur=18,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CGc3FsdqEKVeeX7CIgiFSbYcQYRpiWQaVT2hYo_fYi-gVLRachVD2g==",cdn-downstream-fbl;dur=302 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2463,18 +2787,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6S78cYP_Oh_i9g3fmuFBg7znp1bgzupRVU-aTeXcFH_QSJLrPIou5w== + - CGc3FsdqEKVeeX7CIgiFSbYcQYRpiWQaVT2hYo_fYi-gVLRachVD2g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6cdf9f4846b7a9beb2b9d1a3173f4634 + - ad9a39b3e70bd464cf8988e886581934 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2488,7 +2812,7 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 4", "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 - (237)\n\n*Severity:* Low\n\n\n*Due Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + (237)\n\n*Severity:* Low\n\n\n*Due Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -2507,21 +2831,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1175' + - '1176' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18161 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19630 response: body: string: '' headers: Atl-Request-Id: - - 5f9a5a97-27fc-4a2e-b472-1d550c1f8645 + - 15b7cb39-172b-4bcb-910a-7398e7012e6e Atl-Traceid: - - 5f9a5a9727fc4a2eb4721d550c1f8645 + - 15b7cb39172b4bcb910a7398e7012e6e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2529,7 +2853,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:02 GMT + - Sat, 24 May 2025 10:31:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2539,7 +2863,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="U8QkVqqALc_h_dGN3EmEqkBP2CZ46hH_0mIv0hZqSGFx5mpWztQ2mQ==",cdn-downstream-fbl;dur=356,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=354,atl-edge;dur=265,atl-edge-internal;dur=15,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=268,atl-edge;dur=260,atl-edge-internal;dur=14,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="D71_V-DfbyjXhNqMNOynZtesncracpMJBZ96wJFUctOGU7tHIDMtsA==",cdn-downstream-fbl;dur=272 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2547,15 +2871,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3cab2977109e9e185607e6a3005951e0.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - U8QkVqqALc_h_dGN3EmEqkBP2CZ46hH_0mIv0hZqSGFx5mpWztQ2mQ== + - D71_V-DfbyjXhNqMNOynZtesncracpMJBZ96wJFUctOGU7tHIDMtsA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - cc3d07b225539de69c8dacc542c7a83b + - cf6f66961865a22f49f0f75e1b540ade X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2581,17 +2905,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18161 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19630 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18161","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161","key":"NTEST-1833","fields":{"statuscategorychangedate":"2025-04-30T18:23:59.793+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19630","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630","key":"NTEST-2958","fields":{"statuscategorychangedate":"2025-05-24T12:31:07.362+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:23:59.521+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:23:59.596+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:07.058+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:07.141+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 4|http://localhost:8080/finding/237]\n\n*Defect Dojo link:* http://localhost:8080/finding/237 (237)\n\n*Severity:* Low\n\n\n*Due Date:* - Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe 
@@ -2600,14 +2924,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira - Api Test 4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1833/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18161/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Api Test 
4","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2958/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19630/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d99c201b-c87d-4d0d-a998-cf9f00672dd0 + - 4d99021d-7118-486a-bda5-2ab696a784b3 Atl-Traceid: - - d99c201bc87d4d0da998cf9f00672dd0 + - 4d99021d7118486abda52ab696a784b3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2617,7 +2941,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:03 GMT + - Sat, 24 May 2025 10:31:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2627,7 +2951,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="BoxPam2QuLWQ8lrWN11ISIUIR0wIrRQYPMue9FSVjeraAiZCgcxFGw==",cdn-downstream-fbl;dur=356,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=353,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vdmCGXbuwFSVjDyZJsc4EXKW5gDkQejQCFrPYERG-0aVHm7UXPy1pg==",cdn-downstream-fbl;dur=267,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=264,atl-edge;dur=234,atl-edge-internal;dur=16,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2637,15 +2961,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BoxPam2QuLWQ8lrWN11ISIUIR0wIrRQYPMue9FSVjeraAiZCgcxFGw== + - vdmCGXbuwFSVjDyZJsc4EXKW5gDkQejQCFrPYERG-0aVHm7UXPy1pg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 72c4ac5284c9e3b1e8082224ae260fa7 + - ed955a24e23f69dbf7c0fd521f862d3b X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml index c9986f07d09..99d2284de0a 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_creation.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:03.746+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:10.134+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e11e785c-f165-4540-bb51-9b9ddc359f66 + - 98dc04aa-0116-4057-b16f-75fb730d3c2f Atl-Traceid: - - e11e785cf1654540bb519b9ddc359f66 + - 98dc04aa01164057b16f75fb730d3c2f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:03 GMT + - Sat, 24 May 2025 10:31:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="kr1IKPTBG0xRGbwPqF-6847GCYqFbeJ6LVV1ZqMhr-PspJjPP2u3Zg==",cdn-downstream-fbl;dur=239,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=236,atl-edge;dur=163,atl-edge-internal;dur=15,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=140,atl-edge;dur=132,atl-edge-internal;dur=35,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="YSk-VVb_8beD8ndJMqcrLh9mLNoQmOm2obdpmtooEc5M5fGRBjbzjA==",cdn-downstream-fbl;dur=143 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c4fd63432996b55c90ff4db02c11a616.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - kr1IKPTBG0xRGbwPqF-6847GCYqFbeJ6LVV1ZqMhr-PspJjPP2u3Zg== + - YSk-VVb_8beD8ndJMqcrLh9mLNoQmOm2obdpmtooEc5M5fGRBjbzjA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b36248e46c0245f1e0bcb01ea58caba2 + - 3f2145cb7a9a13cc4774d000437d9851 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -102,9 +102,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 7ab78b1b-7d54-48b0-9563-4bf5b37e406a + - dc148bc7-9eb8-4c26-a012-deabc83a858d Atl-Traceid: - - 7ab78b1b7d5448b095634bf5b37e406a + - dc148bc79eb84c26a012deabc83a858d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -114,7 +114,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:04 GMT + - Sat, 24 May 2025 10:31:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -124,7 +124,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=362,atl-edge;dur=286,atl-edge-internal;dur=14,atl-edge-upstream;dur=272,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="uihz5jw3hmT-71OUjeIQXXn7rdlZ_QUEvOyU3P1LLgBRq2hhKci9kQ==",cdn-downstream-fbl;dur=366 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=239,atl-edge-internal;dur=16,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jNoUceNVR_63IOi3ybfCR6ca98KP41CMq2X9qS6L5ytTQhHGucOAMA==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -134,18 +134,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6bddabf0adf0131ec8169647c939d30c.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - uihz5jw3hmT-71OUjeIQXXn7rdlZ_QUEvOyU3P1LLgBRq2hhKci9kQ== + - jNoUceNVR_63IOi3ybfCR6ca98KP41CMq2X9qS6L5ytTQhHGucOAMA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1a466f5899246695c245da5a8cbcd670 + - 887cc472b1cd3cfda9d76123d8b5c679 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -178,12 +178,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18163","key":"NTEST-1834","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18163"}' + string: '{"id":"19631","key":"NTEST-2959","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19631"}' headers: Atl-Request-Id: - - b3f988cb-8b86-4db1-a05e-636bfd43b9d6 + - 6ede93e7-d974-458d-ac76-8a203e30b45b Atl-Traceid: - - b3f988cb8b864db1a05e636bfd43b9d6 + - 6ede93e7d974458dac768a203e30b45b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -191,7 +191,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:05 GMT + - Sat, 24 May 2025 10:31:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -201,7 +201,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=882,atl-edge;dur=849,atl-edge-internal;dur=15,atl-edge-upstream;dur=835,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="OejwQZFXY8I2sdfXVd59ZpeumxUYTvDMpMRD1D3HEpaX_QJ2xnKyuQ==",cdn-downstream-fbl;dur=885 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=781,atl-edge;dur=774,atl-edge-internal;dur=17,atl-edge-upstream;dur=756,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="avx75WizDzS98q_OJBlaowhmeMYn2qhPRstbQnkh2HZi6R2XGlWJuw==",cdn-downstream-fbl;dur=785 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -211,15 +211,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - OejwQZFXY8I2sdfXVd59ZpeumxUYTvDMpMRD1D3HEpaX_QJ2xnKyuQ== + - avx75WizDzS98q_OJBlaowhmeMYn2qhPRstbQnkh2HZi6R2XGlWJuw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 7294b2e8f6e9b87fef81afbdd6d2a5bc + - 031fa6d92afcb503594054133a6345e8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -245,26 +245,26 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1834 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2959 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18163","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18163","key":"NTEST-1834","fields":{"statuscategorychangedate":"2025-04-30T18:24:05.156+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19631","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19631","key":"NTEST-2959","fields":{"statuscategorychangedate":"2025-05-24T12:31:11.212+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1834/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:24:04.775+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"dark_teal","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sxz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:04.919+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2959/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:31:10.857+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"blue","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:10.950+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"weekly engagement","customfield_10010":null,"customfield_10055":null,"customfield_10011":"weekly engagement","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - 
Do","id":"10016"},"customfield_10013":"ghx-label-5","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"weekly - engagement","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1834/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18163/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-10","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"weekly + engagement","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2959/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19631/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
bc345e84-9f04-474f-a8bb-ba1a1e2c9ce2 + - 8459d26d-3c2c-42ae-a838-022f8fc025b8 Atl-Traceid: - - bc345e849f04474fa8bbba1a1e2c9ce2 + - 8459d26d3c2c42aea838022f8fc025b8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -274,7 +274,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:05 GMT + - Sat, 24 May 2025 10:31:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -284,7 +284,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="AKledC5X5DQThSDgMJGUou96C3yEoSvGiKsiqx6z1U7bRo785Is7Hw==",cdn-downstream-fbl;dur=559,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=96,cdn-upstream-fbl;dur=556,atl-edge;dur=427,atl-edge-internal;dur=19,atl-edge-upstream;dur=408,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=232,atl-edge-internal;dur=18,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="EmC0oG-6ol9xNN_csebznMI3Avr3iWVIzwFaHkREpkGIh1zhi-cMVw==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -294,15 +294,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - AKledC5X5DQThSDgMJGUou96C3yEoSvGiKsiqx6z1U7bRo785Is7Hw== + - EmC0oG-6ol9xNN_csebznMI3Avr3iWVIzwFaHkREpkGIh1zhi-cMVw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3b00967d3d5b23f46015be455c6ff525 + - 0df1bfb15204156c519b80d2c9d09c66 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
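Review bot: The re-recorded issue body in the `@@ -245,26 +245,26 @@` hunk commits a maintainer's `emailAddress`, `accountId`, display name and gravatar hash in the `creator` and `reporter` objects. The same account id also appears in the `X-Aaccountid` response header in the other hunks of this cassette and in the cassette that follows. The tests probably do not assert on these values, so they could be scrubbed at record time, for example with a vcrpy `before_record_response` hook that rewrites them to fixed placeholders such as `"emailAddress":"jira-user@example.invalid"`. Whether the test setup already registers such a hook is not visible here; if it does, it does not appear to cover these fields. Stable placeholders would also keep future re-recordings from churning these lines whenever a different person records them.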
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml index d27fb7679b1..65bcd53e8ab 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_create_epic_and_push_findings.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:06.411+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:11.956+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ca09616d-5d09-411b-8bc7-09a852efb6c2 + - 765f5031-f811-4f4d-9695-22fa6766a2be Atl-Traceid: - - ca09616d5d09411b8bc709a852efb6c2 + - 765f5031f8114f4d969522fa6766a2be Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:06 GMT + - Sat, 24 May 2025 10:31:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=211,atl-edge;dur=177,atl-edge-internal;dur=15,atl-edge-upstream;dur=163,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="KDK8ldWW1mSlc5LONYyZZQHG20PqXU58ax7roKtp3KBTBmaAHHGxew==",cdn-downstream-fbl;dur=216 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=123,atl-edge;dur=115,atl-edge-internal;dur=15,atl-edge-upstream;dur=101,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2PIXEVrvytjMcVlYE3nllGs8ssWV5M_YABX9ejE94_vCd_F2WA2npA==",cdn-downstream-fbl;dur=126 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KDK8ldWW1mSlc5LONYyZZQHG20PqXU58ax7roKtp3KBTBmaAHHGxew== + - 2PIXEVrvytjMcVlYE3nllGs8ssWV5M_YABX9ejE94_vCd_F2WA2npA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 89e78cfb0c4e3913a5f66ec5ca70fce1 + - 866becb014f70fe7c399a3562dc24134 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 840eebe8-5b89-4e4c-8453-51703703f968 + - 02f4d07e-c8f5-495d-b587-1c116fbdd1fd Atl-Traceid: - - 840eebe85b894e4c845351703703f968 + - 02f4d07ec8f5495db5871c116fbdd1fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:06 GMT + - Sat, 24 May 2025 10:31:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=330,atl-edge;dur=297,atl-edge-internal;dur=15,atl-edge-upstream;dur=282,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="UKh63rflT8rK_5gCNCnEKJawgZqlWJchBxiSk3clUjRIk6u57aDAFw==",cdn-downstream-fbl;dur=335 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=251,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Z8c8mq0ZU3HS6iW54LfVhE-yEhD5E9wUM6zPgzFPOiGbbBLTadFeVg==",cdn-downstream-fbl;dur=262 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - UKh63rflT8rK_5gCNCnEKJawgZqlWJchBxiSk3clUjRIk6u57aDAFw== + - Z8c8mq0ZU3HS6iW54LfVhE-yEhD5E9wUM6zPgzFPOiGbbBLTadFeVg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2c6ee454c39e7b1aa06327656ae63add + - a8c3e6c0e793ae47dce3b356ac5458e8 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -157,7 +157,7 @@ interactions: "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 (238)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18165","key":"NTEST-1835","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18165"}' + string: '{"id":"19632","key":"NTEST-2960","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19632"}' headers: Atl-Request-Id: - - 16f6c288-90b8-4e64-b6cd-61c8e900598e + - 1a17936f-c77d-4ddc-a1cd-db7473dd54e6 Atl-Traceid: - - 16f6c28890b84e64b6cd61c8e900598e + - 1a17936fc77d4ddca1cddb7473dd54e6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:07 GMT + - Sat, 24 May 2025 10:31:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="SjwqmibxJIz-3kA3_x_shCN2ywIBrE3OV6NXI0zNpDW-NxfPqldfTQ==",cdn-downstream-fbl;dur=788,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=786,atl-edge;dur=708,atl-edge-internal;dur=15,atl-edge-upstream;dur=693,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=722,atl-edge;dur=715,atl-edge-internal;dur=17,atl-edge-upstream;dur=698,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="axyhTPKlp6yyRcwldbOBecDp_oEEEFPhlhkGr5wI7j9FUCjIaZXn7Q==",cdn-downstream-fbl;dur=725 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - SjwqmibxJIz-3kA3_x_shCN2ywIBrE3OV6NXI0zNpDW-NxfPqldfTQ== + - axyhTPKlp6yyRcwldbOBecDp_oEEEFPhlhkGr5wI7j9FUCjIaZXn7Q== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - aba75712d2f9efbfd74c1530043fb353 + - eb62b6bf70ef56efecb3d39b56545372 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,17 +253,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18165","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18165","key":"NTEST-1835","fields":{"statuscategorychangedate":"2025-04-30T18:24:07.850+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19632","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19632","key":"NTEST-2960","fields":{"statuscategorychangedate":"2025-05-24T12:31:13.004+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:07.543+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sy7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:07.631+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:12.651+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:12.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 (238)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18165/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19632/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c0b9019d-bb77-444f-bfb8-674c14c4530c + - 3bcdffb8-314f-4299-a8c7-bc09642e99d0 Atl-Traceid: - - c0b9019dbb77444fbfb8674c14c4530c + - 3bcdffb8314f4299a8c7bc09642e99d0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:08 GMT + - Sat, 24 May 2025 10:31:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
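Review bot: The re-recorded response body in the `@@ -273,14 +273,14 @@` hunk commits a real person's `emailAddress`, Jira `accountId` and Gravatar avatar hash in the `creator` and `reporter` objects. The `@@ -364,14 +364,14 @@` hunk repeats them, and `@@ -310,15 +310,15 @@` and `@@ -401,15 +401,15 @@` add the same account id in the `X-Aaccountid` response header. The test presumably does not depend on these values, so they could be replaced with fixed placeholders at record time. If the cassette is recorded with vcrpy, a `before_record_response` hook that rewrites those body fields and drops `X-Aaccountid` would stop each re-recording from publishing the identity of whoever ran it. The old side exposed a different account in the same way, so this predates the commit; the recorded interaction itself starts outside this hunk.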
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=290,atl-edge-internal;dur=15,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="oSsn3dghiMb68xLL86YZNtXxTwiSQ5zwpoRgHZGvTublZ476snjXYw==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=253,atl-edge;dur=244,atl-edge-internal;dur=17,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cx_FvxKAFBC34JfeP7AjTIWeB5jLQKoK75qFjv0oGR_CU7z-VHxadw==",cdn-downstream-fbl;dur=257 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a183b6545fea485604515ba7931cb9b8.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oSsn3dghiMb68xLL86YZNtXxTwiSQ5zwpoRgHZGvTublZ476snjXYw== + - cx_FvxKAFBC34JfeP7AjTIWeB5jLQKoK75qFjv0oGR_CU7z-VHxadw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 316267bc5f6b89f950c28b56dcbb9df6 + - 74143ff83df7babb44c8398d7b2e17f4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,17 +344,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18165 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19632 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18165","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18165","key":"NTEST-1835","fields":{"statuscategorychangedate":"2025-04-30T18:24:07.850+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19632","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19632","key":"NTEST-2960","fields":{"statuscategorychangedate":"2025-05-24T12:31:13.004+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:07.543+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sy7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:07.631+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:12.651+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:12.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 (238)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18165/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19632/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9ef9bf46-caaf-4981-9092-d16b608c52fd + - 40c91633-a367-46a6-a760-0a974fbb2203 Atl-Traceid: - - 9ef9bf46caaf49819092d16b608c52fd + - 40c91633a36746a6a7600a974fbb2203 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:08 GMT + - Sat, 24 May 2025 10:31:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=401,atl-edge;dur=320,atl-edge-internal;dur=23,atl-edge-upstream;dur=297,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="MDtGnyzNdpoBPu65TWDfqnlowoKYSaumwawA7Z8HL6OaXKNMl22VLg==",cdn-downstream-fbl;dur=405 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=275,atl-edge-internal;dur=19,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Wwyz7gkvS4m637akLAWpXoiK4KAC05e_2Gmy_XknXNGL1h2NGjAQrg==",cdn-downstream-fbl;dur=287 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 596b1ac54ac9ee415236dc72536ba33a.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MDtGnyzNdpoBPu65TWDfqnlowoKYSaumwawA7Z8HL6OaXKNMl22VLg== + - Wwyz7gkvS4m637akLAWpXoiK4KAC05e_2Gmy_XknXNGL1h2NGjAQrg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - dafa96e4d53ce51f35cee9aee8bb7a0e + - c1e257b5540e73b4416c361317dce147 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:09.212+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:14.031+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4735be7f-fb50-4b30-991b-506d111d230a + - f6ea1d64-88a9-43f1-aee9-4bd9b998a281 Atl-Traceid: - - 4735be7ffb504b30991b506d111d230a + - f6ea1d6488a943f1aee94bd9b998a281 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:09 GMT + - Sat, 24 May 2025 10:31:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="LScbeAN7QLWO5bjghDMCqqoSVJsFbSxyBxHO8yQzA2tL9eoRPnVCag==",cdn-downstream-fbl;dur=232,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=229,atl-edge;dur=156,atl-edge-internal;dur=13,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=135,atl-edge;dur=107,atl-edge-internal;dur=14,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="U9VSaxjEDEpzb_T1cxiDluaCYtYDHIOVZvoA1s_OVYnsHh_jQnjEgQ==",cdn-downstream-fbl;dur=138 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b6805b08a4af317938604723e3f3424a.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LScbeAN7QLWO5bjghDMCqqoSVJsFbSxyBxHO8yQzA2tL9eoRPnVCag== + - U9VSaxjEDEpzb_T1cxiDluaCYtYDHIOVZvoA1s_OVYnsHh_jQnjEgQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 6d268e568a04dbd73dd2034c541c1492 + - 5e53a81ae940cba6d6f6074da2ae80d2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 7c92abbb-36ea-416f-bb55-54dc3d2b36d1 + - e90b460d-f338-42b6-80b1-4f03525166f0 Atl-Traceid: - - 7c92abbb36ea416fbb5554dc3d2b36d1 + - e90b460df33842b680b14f03525166f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:09 GMT + - Sat, 24 May 2025 10:31:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=350,atl-edge;dur=318,atl-edge-internal;dur=14,atl-edge-upstream;dur=302,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="SjUDwPKka5NMXnewpOz46kwVu9MN3Ibvre9scKyKNssWzoDOKJRVHg==",cdn-downstream-fbl;dur=354 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Glpm0szutRObJdhItElZNi_cy1M8EIdXLZJK05N7BBHbfaig2pNfOw==",cdn-downstream-fbl;dur=311,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=309,atl-edge;dur=280,atl-edge-internal;dur=16,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - SjUDwPKka5NMXnewpOz46kwVu9MN3Ibvre9scKyKNssWzoDOKJRVHg== + - Glpm0szutRObJdhItElZNi_cy1M8EIdXLZJK05N7BBHbfaig2pNfOw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c1262029397303e05c7cd92ba1e7c434 + - 3f1a5ecd59320e3194ee2dd3699bb76b X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -577,7 +577,7 @@ interactions: "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/239]\n\n*Defect Dojo link:* http://localhost:8080/finding/239 (239)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18167","key":"NTEST-1836","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18167"}' + string: '{"id":"19633","key":"NTEST-2961","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19633"}' headers: Atl-Request-Id: - - f6640803-ba10-4e85-a062-8a84dece3712 + - 92cfe5e5-0734-450d-8468-b2afa282fd7f Atl-Traceid: - - f6640803ba104e85a0628a84dece3712 + - 92cfe5e50734450d8468b2afa282fd7f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:10 GMT + - Sat, 24 May 2025 10:31:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="M0ycRuQii18ZKjPtCb_-rAs7mzqgC9UF9wbspk5vVn1AwecoAmyEfw==",cdn-downstream-fbl;dur=829,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=827,atl-edge;dur=747,atl-edge-internal;dur=17,atl-edge-upstream;dur=730,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=773,atl-edge;dur=746,atl-edge-internal;dur=16,atl-edge-upstream;dur=730,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4t-LFPgVsZCUv_3dBpyp5Ld1WG2hy9-9yCxfD1qxoVrFJGLe-3nIVA==",cdn-downstream-fbl;dur=777 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - M0ycRuQii18ZKjPtCb_-rAs7mzqgC9UF9wbspk5vVn1AwecoAmyEfw== + - 4t-LFPgVsZCUv_3dBpyp5Ld1WG2hy9-9yCxfD1qxoVrFJGLe-3nIVA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1a30a68e9ac3778f8982c98b9083fe1c + - 85d577d47384f70ef4e385b627b7238e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,17 +673,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1836 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2961 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18167","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18167","key":"NTEST-1836","fields":{"statuscategorychangedate":"2025-04-30T18:24:10.506+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19633","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19633","key":"NTEST-2961","fields":{"statuscategorychangedate":"2025-05-24T12:31:15.179+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1836/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:10.174+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:10.268+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2961/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:14.834+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01093:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:14.922+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/239]\n\n*Defect Dojo link:* http://localhost:8080/finding/239 (239)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1836/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18167/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2961/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19633/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 86e4a95c-b0e2-4340-81ad-de546895363d + - 5be95e6e-a3d4-4681-9b6e-f6e0fd9cdb9a Atl-Traceid: - - 86e4a95cb0e2434081adde546895363d + - 5be95e6ea3d446819b6ef6e0fd9cdb9a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:11 GMT + - Sat, 24 May 2025 10:31:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
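Review bot: The re-recorded response body in the `@@ -693,14 +693,14 @@` hunk commits a maintainer's `emailAddress`, `displayName`, Gravatar avatar hash and Atlassian `accountId` under both `creator` and `reporter`. The `@@ -784,14 +784,14 @@` hunk repeats them, and the `X-Aaccountid` response header carries the same id in the other Jira interactions. The webhook interactions in this cassette show the token masked as `Token xxx`, so some request-side scrubbing exists, but nothing visible here masks response bodies or response headers. I would scrub these at record time (a `before_record_response` hook, if this is vcrpy as the cassette layout suggests) so the fixture stores constructed placeholders such as `"emailAddress":"user@example.invalid"` and `"accountId":"<ACCOUNT_ID>"`. Whether any test replaying this cassette depends on the real values cannot be seen from the diff and should be checked first.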
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="f_2DabVRKzxQFg0bEeMS5dcY1RwH2ZcPPkubVSrn4iAEVSnHFh5OPw==",cdn-downstream-fbl;dur=368,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=366,atl-edge;dur=278,atl-edge-internal;dur=14,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=240,atl-edge-internal;dur=14,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Fn7jHC_AgyQ9EllVkDYN37rK4zq26EAYBKIpneDx2ExcXI2_I9KdFQ==",cdn-downstream-fbl;dur=251 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0730d54c3f7ca2a2e0c1b4cda1ebc0aa.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - f_2DabVRKzxQFg0bEeMS5dcY1RwH2ZcPPkubVSrn4iAEVSnHFh5OPw== + - Fn7jHC_AgyQ9EllVkDYN37rK4zq26EAYBKIpneDx2ExcXI2_I9KdFQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 605179318249af034eabf5bf5c7a0226 + - a7547cbd1415ca8123246d658cc00b74 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,17 +764,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18167 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19633 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18167","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18167","key":"NTEST-1836","fields":{"statuscategorychangedate":"2025-04-30T18:24:10.506+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19633","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19633","key":"NTEST-2961","fields":{"statuscategorychangedate":"2025-05-24T12:31:15.179+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1836/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:10.174+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:10.268+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2961/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:14.834+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01093:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:14.922+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/239]\n\n*Defect Dojo link:* http://localhost:8080/finding/239 (239)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1836/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18167/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2961/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19633/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d09eb5b5-84e7-4576-b995-be6c89d28618 + - 397dbaca-5772-42ab-be3b-f26847d3a0f6 Atl-Traceid: - - d09eb5b584e74576b995be6c89d28618 + - 397dbaca577242abbe3bf26847d3a0f6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:11 GMT + - Sat, 24 May 2025 10:31:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=294,atl-edge;dur=261,atl-edge-internal;dur=14,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="9190YbP9Hst6-5L5ZZs4N_cnssJO-p8J3lFs67INcMtKZ-Bxp_-Ssg==",cdn-downstream-fbl;dur=298 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=222,atl-edge;dur=215,atl-edge-internal;dur=17,atl-edge-upstream;dur=198,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZPgTP0ZqJNWifqeqodl4I0UHW627bxpaJeVuKlaLJBhNpzsjx6jhnA==",cdn-downstream-fbl;dur=226 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9190YbP9Hst6-5L5ZZs4N_cnssJO-p8J3lFs67INcMtKZ-Bxp_-Ssg== + - ZPgTP0ZqJNWifqeqodl4I0UHW627bxpaJeVuKlaLJBhNpzsjx6jhnA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 957c91d105e2aeea2c5b209dccd718f4 + - 942b64fb882d3dd40d6d6687e1212b9c X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -863,7 +863,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -877,9 +877,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"828\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:34156\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57314\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": @@ -915,7 +915,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:11 GMT + - Sat, 24 May 2025 10:31:15 GMT Transfer-Encoding: - chunked status: @@ -952,7 +952,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -966,9 +966,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1300\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:34164\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57316\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": @@ -1019,7 +1019,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:11 GMT + - Sat, 24 May 2025 10:31:15 GMT Transfer-Encoding: - chunked status: 
@@ -1044,12 +1044,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:11.817+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:16.149+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c976bb35-5e09-4b44-a0fe-3d18864a1a25 + - 60451e74-7359-4f4a-9608-1d29b6afd758 Atl-Traceid: - - c976bb355e094b44a0fe3d18864a1a25 + - 60451e7473594f4a96081d29b6afd758 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1059,7 +1059,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:11 GMT + - Sat, 24 May 2025 10:31:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1069,7 +1069,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=206,atl-edge;dur=173,atl-edge-internal;dur=14,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="MMw3melzr9famCvpBrWPXy0pqO2jQq7pyBtOVqCVRnpVeJvrtRswJA==",cdn-downstream-fbl;dur=210 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=110,atl-edge-internal;dur=16,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="b80L0aOty6Tmpy7t6jZT3JByQjabJlS3OoZMue9aVcLsTcHdbA6_Yw==",cdn-downstream-fbl;dur=121 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1079,15 +1079,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MMw3melzr9famCvpBrWPXy0pqO2jQq7pyBtOVqCVRnpVeJvrtRswJA== + - b80L0aOty6Tmpy7t6jZT3JByQjabJlS3OoZMue9aVcLsTcHdbA6_Yw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8629b8ad729f98dfd2ebbe11109c29eb + - 82c788596d52673d0f667dbf8f0847a4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1116,12 +1116,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:12.130+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:16.341+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2a9de0e1-f066-41f9-adac-e6c0f6243e9e + - 7ea457de-a4e3-485b-a2ac-0dc353220399 Atl-Traceid: - - 2a9de0e1f06641f9adace6c0f6243e9e + - 7ea457dea4e3485ba2ac0dc353220399 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1131,7 +1131,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:12 GMT + - Sat, 24 May 2025 10:31:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1141,7 +1141,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=214,atl-edge;dur=181,atl-edge-internal;dur=23,atl-edge-upstream;dur=158,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="kZgSC-T9A5xFNwvidPnOlNtEAbBzpiBmsOw_wHtf78WD8F2PGzjDYA==",cdn-downstream-fbl;dur=218 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=108,atl-edge-internal;dur=12,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Iy643U658rSpaV_zsp2t1B0ul0Sgy2MFzfZnxsfp7a1SK39TjMJ_MA==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1151,15 +1151,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - kZgSC-T9A5xFNwvidPnOlNtEAbBzpiBmsOw_wHtf78WD8F2PGzjDYA== + - Iy643U658rSpaV_zsp2t1B0ul0Sgy2MFzfZnxsfp7a1SK39TjMJ_MA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9bf4805d4cb5912610d0ae822648ed42 + - b983d450b230ee2178da90d7fdda7357 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1304,9 +1304,9 @@ interactions: date\",\"custom\":false,\"orderable\":true,\"navigable\":true,\"searchable\":true,\"clauseNames\":[\"due\",\"duedate\"],\"schema\":{\"type\":\"date\",\"system\":\"duedate\"}},{\"id\":\"comment\",\"key\":\"comment\",\"name\":\"Comment\",\"custom\":false,\"orderable\":true,\"navigable\":false,\"searchable\":true,\"clauseNames\":[\"comment\"],\"schema\":{\"type\":\"comments-page\",\"system\":\"comment\"}}]" headers: Atl-Request-Id: - - c62a04e0-38c9-410f-b84f-1bfae91aafb9 + - d3792df9-4f13-4cc1-b086-71d5a01a6d5c Atl-Traceid: - - c62a04e038c9410fb84f1bfae91aafb9 + - d3792df94f134cc1b08671d5a01a6d5c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1316,7 +1316,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:12 GMT + - Sat, 24 May 2025 10:31:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1326,7 +1326,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=228,atl-edge-internal;dur=17,atl-edge-upstream;dur=211,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="fOovOn_58A7fHJO3uJeyDzgMy85RMMjFSNbMrgMvaw4PIyH0VcgGYw==",cdn-downstream-fbl;dur=266 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=187,atl-edge-internal;dur=18,atl-edge-upstream;dur=169,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="By_cTtky4o5OzWu2aWE3pOZ9CB9okCp38ya5hP7m3y0ZxgMGJbvL8Q==",cdn-downstream-fbl;dur=198 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1336,15 +1336,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fOovOn_58A7fHJO3uJeyDzgMy85RMMjFSNbMrgMvaw4PIyH0VcgGYw== + - By_cTtky4o5OzWu2aWE3pOZ9CB9okCp38ya5hP7m3y0ZxgMGJbvL8Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 76b5b48abbeea911f398d4ba18bad51e + - 0438b1f6a59691ce4c0478b988b6c7cd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,17 +1370,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1835 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-2960 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18165","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/18165","key":"NTEST-1835","fields":{"statuscategorychangedate":"2025-04-30T18:24:07.850+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19632","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/19632","key":"NTEST-2960","fields":{"statuscategorychangedate":"2025-05-24T12:31:13.004+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:07.543+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sy7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:07.631+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:12.651+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0108v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:12.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 (238)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/91]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1390,14 +1390,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1835/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18165/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2960/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19632/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - cd494b77-ad53-4807-9a26-d7adb7d44781 + - a780fb3f-b580-4ef1-b225-26bb115e3a82 Atl-Traceid: - - cd494b77ad5348079a26d7adb7d44781 + - a780fb3fb5804ef1b22526bb115e3a82 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1407,7 +1407,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:12 GMT + - Sat, 24 May 2025 10:31:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
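Review bot: The re-recorded issue body in this hunk commits the recording user's Atlassian `accountId`, `emailAddress`, `displayName` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the neighbouring hunks repeats the same account id. Nothing visible here suggests the test depends on these values, so they could be replaced with fixed placeholders at record time, for example with a vcrpy `before_record_response` hook that rewrites those JSON keys and drops `X-Aaccountid`. The VCR configuration is not part of this diff, so whether such a scrubber already exists for other fields cannot be confirmed from here. Scrubbing would also stop future re-recordings from producing diffs that differ only by who recorded them.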
@@ -1417,7 +1417,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="3uzqS2AkqqENqUP-EH6V9oAsluk8kbgz5xtsnqyHkLR00wTtkGyyaA==",cdn-downstream-fbl;dur=371,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=368,atl-edge;dur=290,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=234,atl-edge;dur=226,atl-edge-internal;dur=17,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="5hxrR3ubShYCTmIkW6t8oTr-m4xmeKrDrTnA2MG-uaSPOby6E_E4Eg==",cdn-downstream-fbl;dur=238 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1427,15 +1427,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3uzqS2AkqqENqUP-EH6V9oAsluk8kbgz5xtsnqyHkLR00wTtkGyyaA== + - 5hxrR3ubShYCTmIkW6t8oTr-m4xmeKrDrTnA2MG-uaSPOby6E_E4Eg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6748f53a296dc41829a794fe108f8a41 + - 80401cdec0b789e9f1357ff502908bfd X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml index a982fd2a1da..660e5555a66 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml 
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_disabled_no_epic_and_push_findings.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:13.415+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:17.186+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - f4e327b8-e272-422e-8a41-ece40a57c89e + - ff504587-1949-4e67-b21b-b27bc6a8eaf6 Atl-Traceid: - - f4e327b8e272422e8a41ece40a57c89e + - ff50458719494e67b21bb27bc6a8eaf6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:13 GMT + - Sat, 24 May 2025 10:31:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="He_iGTjUdclFE3SmB1oQ8zIq06wZ82vCD5c1JbGcHal4wq7acnPZPA==",cdn-downstream-fbl;dur=229,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=227,atl-edge;dur=144,atl-edge-internal;dur=15,atl-edge-upstream;dur=129,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=122,atl-edge;dur=114,atl-edge-internal;dur=15,atl-edge-upstream;dur=100,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tNOWsY671Rxk-44PvQjwGjmqQ6iMYOSOyAqJtDhwaj-opnLiGEj6RQ==",cdn-downstream-fbl;dur=126 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - He_iGTjUdclFE3SmB1oQ8zIq06wZ82vCD5c1JbGcHal4wq7acnPZPA== + - tNOWsY671Rxk-44PvQjwGjmqQ6iMYOSOyAqJtDhwaj-opnLiGEj6RQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - cbe88b42a0dac451fa64bac06e0c9dfc + - d1295b0e5e6ad2c9e5ec3ee3bf341c0e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 321d18aa-a2a2-44e5-9df7-3a13845b77d1 + - a8ed2102-da27-4088-9e58-471dd24cfad4 Atl-Traceid: - - 321d18aaa2a244e59df73a13845b77d1 + - a8ed2102da2740889e58471dd24cfad4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:13 GMT + - Sat, 24 May 2025 10:31:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=315,atl-edge;dur=283,atl-edge-internal;dur=17,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="1L1e4kBoGaFSrwTq25EXW2kP4GwkLYJywHEfyfS-yvMt0L-aXJw2dg==",cdn-downstream-fbl;dur=319 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7ZgHNKpd1IlaD3pTv3WE-4o0zZdq18U_eukErSKR1DtCagYL_vuKZQ==",cdn-downstream-fbl;dur=304,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=23,cdn-upstream-fbl;dur=301,atl-edge;dur=270,atl-edge-internal;dur=15,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 1L1e4kBoGaFSrwTq25EXW2kP4GwkLYJywHEfyfS-yvMt0L-aXJw2dg== + - 7ZgHNKpd1IlaD3pTv3WE-4o0zZdq18U_eukErSKR1DtCagYL_vuKZQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c0103a7218b4731a7a0ebdb0b1faca2d + - 06e6df38f7addc9f20afe6e3957615b8 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -157,7 +157,7 @@ interactions: "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 (240)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18169","key":"NTEST-1837","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18169"}' + string: '{"id":"19634","key":"NTEST-2962","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19634"}' headers: Atl-Request-Id: - - a0f1dc9b-e0ff-442f-ad91-c95560edeb57 + - 8f9aec20-de11-4bc5-802f-49510b41ddd3 Atl-Traceid: - - a0f1dc9be0ff442fad91c95560edeb57 + - 8f9aec20de114bc5802f49510b41ddd3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:14 GMT + - Sat, 24 May 2025 10:31:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=694,atl-edge;dur=662,atl-edge-internal;dur=15,atl-edge-upstream;dur=648,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="9ydMySbMpaaSC-qFu-UnpgLm7mgUjmj9iJ4_sVwgDKMfZJd3Z8PpKA==",cdn-downstream-fbl;dur=699 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=689,atl-edge;dur=668,atl-edge-internal;dur=17,atl-edge-upstream;dur=651,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1B46bFrOiSuX9skAIVGt4qr3e35hSFodf96LwqY76IWTPTnH4RKzRQ==",cdn-downstream-fbl;dur=692 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9ydMySbMpaaSC-qFu-UnpgLm7mgUjmj9iJ4_sVwgDKMfZJd3Z8PpKA== + - 1B46bFrOiSuX9skAIVGt4qr3e35hSFodf96LwqY76IWTPTnH4RKzRQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 14a3468de87e75a47437baa9aab39812 + - fc15737b97d58c9a1bf0ff227ed62394 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,17 +253,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18169","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18169","key":"NTEST-1837","fields":{"statuscategorychangedate":"2025-04-30T18:24:14.691+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19634","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19634","key":"NTEST-2962","fields":{"statuscategorychangedate":"2025-05-24T12:31:18.264+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:14.432+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:14.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:17.947+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:18.018+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 (240)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18169/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19634/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9823d323-f5f5-4ee9-9f0f-e428feec8f7d + - aeec5f7f-903a-47ee-9059-02145f218222 Atl-Traceid: - - 9823d323f5f54ee99f0fe428feec8f7d + - aeec5f7f903a47ee905902145f218222 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:15 GMT + - Sat, 24 May 2025 10:31:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
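Review bot: The re-recorded response body in this hunk commits the recording user's personal identifiers: the `creator` and `reporter` objects carry an Atlassian `accountId`, an `emailAddress`, a display name and Gravatar-hash avatar URLs. The same body is repeated in the `@@ -364,14 +364,14 @@` hunk, and the `X-Aaccountid` response header in the neighbouring header hunks holds the same account id. Nothing visible here suggests the tests depend on these values (the test code is outside this view, so that is an inference). They could be replaced with fixed placeholders at record time. If the cassette is recorded with vcrpy, a `before_record_response` hook that rewrites `accountId`, `emailAddress`, `displayName`, `avatarUrls` and the `X-Aaccountid` header would do it. That would also stop these lines from changing every time a different maintainer re-records the cassette.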
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="WJ7P4vFUpfnx42II245GfH_Gfs2bdZwvxba33teL2qOSRqXuMrlr2g==",cdn-downstream-fbl;dur=500,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=497,atl-edge;dur=411,atl-edge-internal;dur=23,atl-edge-upstream;dur=389,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kwIT8GS-sU66vMMG0LFzvaKMkc1BIiEkCX_dfjaWqvRGbA6Jelm06Q==",cdn-downstream-fbl;dur=259,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=257,atl-edge;dur=228,atl-edge-internal;dur=17,atl-edge-upstream;dur=212,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 72fcd81c14e3eb0facf41fedad65e9e4.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WJ7P4vFUpfnx42II245GfH_Gfs2bdZwvxba33teL2qOSRqXuMrlr2g== + - kwIT8GS-sU66vMMG0LFzvaKMkc1BIiEkCX_dfjaWqvRGbA6Jelm06Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 3650df92ead64242cfe1d04368faead5 + - e4874de39b0b63e0ec77f719f65beaca X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,17 +344,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18169 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19634 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18169","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18169","key":"NTEST-1837","fields":{"statuscategorychangedate":"2025-04-30T18:24:14.691+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19634","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19634","key":"NTEST-2962","fields":{"statuscategorychangedate":"2025-05-24T12:31:18.264+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:14.432+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:14.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:17.947+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:18.018+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 (240)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18169/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19634/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 82a63f21-bab6-46a7-86a5-7ac054360dc1 + - fe1f12e1-0131-465a-91d8-d4716f39ec17 Atl-Traceid: - - 82a63f21bab646a786a57ac054360dc1 + - fe1f12e10131465a91d8d4716f39ec17 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:15 GMT + - Sat, 24 May 2025 10:31:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="H8s8_LTbVd3TwK53G2InIXACt9vw2pMT4AWlZB2euffeqiAAI4DcSA==",cdn-downstream-fbl;dur=289 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=236,atl-edge;dur=229,atl-edge-internal;dur=16,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="BfjW1T8fw1F1QbdEKRewvQm3bk52hh2tfdr4LJyE-LGzfvKm3JFDpw==",cdn-downstream-fbl;dur=239 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aa3674a12327640af71c59263be8ffc6.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - H8s8_LTbVd3TwK53G2InIXACt9vw2pMT4AWlZB2euffeqiAAI4DcSA== + - BfjW1T8fw1F1QbdEKRewvQm3bk52hh2tfdr4LJyE-LGzfvKm3JFDpw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6ff862883a27cfefb47ce94e6e479caf + - 54670fa98502c93bf0621c06129700c1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:16.187+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:19.194+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d615212c-5917-48c3-ae1f-80a59e316334 + - 6d5ece8d-7571-4504-a90f-c40338d72490 Atl-Traceid: - - d615212c591748c3ae1f80a59e316334 + - 6d5ece8d75714504a90fc40338d72490 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:16 GMT + - Sat, 24 May 2025 10:31:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="wS7ztRuoaGBKDQ2j_sbvurS7vTMxIFp2VytYTrkv0uwoReXe4m98Pw==",cdn-downstream-fbl;dur=267,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=265,atl-edge;dur=181,atl-edge-internal;dur=14,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=110,atl-edge-internal;dur=14,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7Xco7WehCKgFr-Mj3Y69q3mLnt7hDsugyIpS6C474EgV5KoyV9YvZg==",cdn-downstream-fbl;dur=120 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a63f854fb49823d899d920c07df1bcae.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wS7ztRuoaGBKDQ2j_sbvurS7vTMxIFp2VytYTrkv0uwoReXe4m98Pw== + - 7Xco7WehCKgFr-Mj3Y69q3mLnt7hDsugyIpS6C474EgV5KoyV9YvZg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 23105cf5d7e7ba7a7c037e2584b208ee + - d02043acac55766764833bbab7a2324b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 45d763fd-6c70-4229-bcdb-e85ad48e052c + - 6768c29e-20ac-417c-ad2e-048808950db9 Atl-Traceid: - - 45d763fd6c704229bcdbe85ad48e052c + - 6768c29e20ac417cad2e048808950db9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:16 GMT + - Sat, 24 May 2025 10:31:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=345,atl-edge;dur=313,atl-edge-internal;dur=16,atl-edge-upstream;dur=297,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="A0DicNCmNB4ZdDVHSY_eOeR4YmsKLJyT6VMY8aBAfJb_bc0B3HhX-w==",cdn-downstream-fbl;dur=350 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=246,atl-edge-internal;dur=17,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="J9GbQqK1PenwEbBLczx3HgUbCSoEJfhxuJdVj8v1Xz29UhQiZApopg==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - A0DicNCmNB4ZdDVHSY_eOeR4YmsKLJyT6VMY8aBAfJb_bc0B3HhX-w== + - J9GbQqK1PenwEbBLczx3HgUbCSoEJfhxuJdVj8v1Xz29UhQiZApopg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5b0c5bc507e487652c5b4a5d5a6ffe55 + - 9c2675d501cdcd3e95c7968013355734 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -577,7 +577,7 @@ interactions: "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/241]\n\n*Defect Dojo link:* http://localhost:8080/finding/241 (241)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18171","key":"NTEST-1838","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18171"}' + string: '{"id":"19635","key":"NTEST-2963","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19635"}' headers: Atl-Request-Id: - - 2aeb4061-1051-477c-9b86-9862212d4258 + - 27985429-46fe-42e2-8702-8aabf5d1437c Atl-Traceid: - - 2aeb40611051477c9b869862212d4258 + - 2798542946fe42e287028aabf5d1437c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:17 GMT + - Sat, 24 May 2025 10:31:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=754,atl-edge;dur=720,atl-edge-internal;dur=18,atl-edge-upstream;dur=703,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="pIXLWCesH_0v8SwlTp0f1-wFTvEVMHlJM3lY0qBNpAfqDdUllE-qPA==",cdn-downstream-fbl;dur=760 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=679,atl-edge;dur=671,atl-edge-internal;dur=15,atl-edge-upstream;dur=655,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Y3sTIOqovI0VQ2Ku-9PjQeZHy4uF0j1iWj4xvdXKQK5kDzIEQ38exg==",cdn-downstream-fbl;dur=682 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - pIXLWCesH_0v8SwlTp0f1-wFTvEVMHlJM3lY0qBNpAfqDdUllE-qPA== + - Y3sTIOqovI0VQ2Ku-9PjQeZHy4uF0j1iWj4xvdXKQK5kDzIEQ38exg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a288cf829760816ff9024b2374a71644 + - 272b4ef5c601a004c1989c2e331fdbe6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,17 +673,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1838 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2963 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18171","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18171","key":"NTEST-1838","fields":{"statuscategorychangedate":"2025-04-30T18:24:17.405+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19635","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19635","key":"NTEST-2963","fields":{"statuscategorychangedate":"2025-05-24T12:31:20.173+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1838/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:17.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:17.197+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2963/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:19.876+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:19.945+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/241]\n\n*Defect Dojo link:* http://localhost:8080/finding/241 (241)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1838/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18171/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2963/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19635/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1db88122-4396-40df-af76-2a4da1b6fcce + - 4be4e667-0551-424d-9fb1-914b8aff2bcf Atl-Traceid: - - 1db88122439640dfaf762a4da1b6fcce + - 4be4e6670551424d9fb1914b8aff2bcf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:17 GMT + - Sat, 24 May 2025 10:31:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
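Review bot: The re-recorded response body in this hunk (and the identical one in the `-784,14` hunk) commits the recording user's `emailAddress`, `displayName` and `accountId` in the `creator` and `reporter` objects, and the `X-Aaccountid` response header repeats the same account id in every interaction of the cassette. The tests presumably do not depend on these values, so they could be rewritten to fixed placeholders at record time, for example with a vcrpy `before_record_response` hook, assuming the cassette is produced by vcrpy as its layout suggests. The webhook interaction further down already shows `Token xxx`, so some scrubbing appears to be in place and extending it to the Jira responses would be consistent. Stable placeholders would also stop these lines from changing whenever a different maintainer re-records the cassette.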
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=362,atl-edge;dur=274,atl-edge-internal;dur=17,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="SBnTfAI3Ffryaw97TRknPi9RwFRjJWf_uSi_FaKpQeOmtTMLNAg_-A==",cdn-downstream-fbl;dur=365 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=209,atl-edge-internal;dur=16,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="j-ONH3J0NPVdCmDFpGTG3zzMOZdYzfirTtnonL8rIBbyHFGhBoe1XQ==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0835ebd52ef8594cd8aa4dac9cfbd9a8.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - SBnTfAI3Ffryaw97TRknPi9RwFRjJWf_uSi_FaKpQeOmtTMLNAg_-A== + - j-ONH3J0NPVdCmDFpGTG3zzMOZdYzfirTtnonL8rIBbyHFGhBoe1XQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - e54c94e2a16f7e12cdb79e3c237768c8 + - 32f48692b288d20cc6ae1d43f275ea73 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,17 +764,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18171 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19635 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18171","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18171","key":"NTEST-1838","fields":{"statuscategorychangedate":"2025-04-30T18:24:17.405+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19635","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19635","key":"NTEST-2963","fields":{"statuscategorychangedate":"2025-05-24T12:31:20.173+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1838/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:17.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:17.197+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2963/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:19.876+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:19.945+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/241]\n\n*Defect Dojo link:* http://localhost:8080/finding/241 (241)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1838/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18171/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2963/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19635/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ca67633e-9ad3-4637-93de-cfddefea1471 + - 59387681-ae92-4eb5-a7e7-63ab68b2b047 Atl-Traceid: - - ca67633e9ad3463793decfddefea1471 + - 59387681ae924eb5a7e763ab68b2b047 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:18 GMT + - Sat, 24 May 2025 10:31:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="PLrw7tgO4XIY5Ch-u4655UGns_qkGl01gGQ4EeUxvU94znjCVf3Nmg==",cdn-downstream-fbl;dur=386,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=383,atl-edge;dur=300,atl-edge-internal;dur=15,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=212,atl-edge;dur=184,atl-edge-internal;dur=15,atl-edge-upstream;dur=169,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="5eEsd1fSuNFMFogWfLk3emglYwc3s-jGt4NMi2T9wJv8D2mbDsStKw==",cdn-downstream-fbl;dur=215 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - PLrw7tgO4XIY5Ch-u4655UGns_qkGl01gGQ4EeUxvU94znjCVf3Nmg== + - 5eEsd1fSuNFMFogWfLk3emglYwc3s-jGt4NMi2T9wJv8D2mbDsStKw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1dc3dca94cd8671ba26362fb4c6dfd45 + - 30961efabbebbcae69c91f0a5513f782 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -863,7 +863,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -877,9 +877,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"828\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:44580\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57328\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": @@ -915,7 +915,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:18 GMT + - Sat, 24 May 2025 10:31:20 GMT Transfer-Encoding: - chunked status: @@ -952,7 +952,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -966,9 +966,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1300\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:44588\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57332\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": @@ -1019,7 +1019,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:18 GMT + - Sat, 24 May 2025 10:31:20 GMT Transfer-Encoding: - chunked status: 
@@ -1044,12 +1044,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:19.114+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:21.124+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 08a34387-e1e1-413c-ad52-6ff90dbae894 + - 4f7bb4ea-6962-412a-95a2-f88c8bc0ac6c Atl-Traceid: - - 08a34387e1e1413cad526ff90dbae894 + - 4f7bb4ea6962412a95a2f88c8bc0ac6c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1059,7 +1059,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:19 GMT + - Sat, 24 May 2025 10:31:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1069,7 +1069,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="IkIcZfoqtC20ByNuuPuvhxOdMC7RQDSze7DoC8DX-AVX80a5RRWJHw==",cdn-downstream-fbl;dur=441,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=439,atl-edge;dur=351,atl-edge-internal;dur=15,atl-edge-upstream;dur=336,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=123,atl-edge;dur=115,atl-edge-internal;dur=15,atl-edge-upstream;dur=101,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QzVGR8zLGIhK4EgQhvQIlYRQmneAoG9Rm8stnTNHMRQMrK4bjdit4Q==",cdn-downstream-fbl;dur=127 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1079,15 +1079,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3cab2977109e9e185607e6a3005951e0.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IkIcZfoqtC20ByNuuPuvhxOdMC7RQDSze7DoC8DX-AVX80a5RRWJHw== + - QzVGR8zLGIhK4EgQhvQIlYRQmneAoG9Rm8stnTNHMRQMrK4bjdit4Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 748abac7e6adefd4babe5f9dde52d411 + - ebb34ae1436f208b83f464c73147359b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1116,12 +1116,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:19.487+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:21.339+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b6f20024-9924-484a-98b0-61894ebbbdee + - 134bb96e-f33f-4180-a71a-db85d7870cca Atl-Traceid: - - b6f200249924484a98b061894ebbbdee + - 134bb96ef33f4180a71adb85d7870cca Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1131,7 +1131,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:19 GMT + - Sat, 24 May 2025 10:31:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1141,7 +1141,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="f3lmmgdodjRDRK5DnsrJyfcdPwepfjmGtEJrpn1lyxE4DsIz4GbYig==",cdn-downstream-fbl;dur=258,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=72,cdn-upstream-fbl;dur=256,atl-edge;dur=159,atl-edge-internal;dur=15,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ahZ5Dor7CFm6v7bTzE1DseKL2E2su2E_o6v7SEBMp5PCLy9ezNZntg==",cdn-downstream-fbl;dur=137,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=134,atl-edge;dur=105,atl-edge-internal;dur=15,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1151,15 +1151,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 05df0d22c8cc3d4b946b6f2dc43d6b9c.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - f3lmmgdodjRDRK5DnsrJyfcdPwepfjmGtEJrpn1lyxE4DsIz4GbYig== + - ahZ5Dor7CFm6v7bTzE1DseKL2E2su2E_o6v7SEBMp5PCLy9ezNZntg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - ebb86984e7bdb28dfc606326b2ea5e45 + - 881e9f20fc0134e0b9de7781996723b6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1304,9 +1304,9 @@ interactions: date\",\"custom\":false,\"orderable\":true,\"navigable\":true,\"searchable\":true,\"clauseNames\":[\"due\",\"duedate\"],\"schema\":{\"type\":\"date\",\"system\":\"duedate\"}},{\"id\":\"comment\",\"key\":\"comment\",\"name\":\"Comment\",\"custom\":false,\"orderable\":true,\"navigable\":false,\"searchable\":true,\"clauseNames\":[\"comment\"],\"schema\":{\"type\":\"comments-page\",\"system\":\"comment\"}}]" headers: Atl-Request-Id: - - b1ad90d9-c96b-41ad-a5a3-b6a29031338b + - 58e60c82-bc78-4354-88ea-a427a1022660 Atl-Traceid: - - b1ad90d9c96b41ada5a3b6a29031338b + - 58e60c82bc78435488eaa427a1022660 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1316,7 +1316,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:19 GMT + - Sat, 24 May 2025 10:31:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1326,7 +1326,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=254,atl-edge-internal;dur=16,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="jcLUzSJJcH2lr4rI_RAjoh7N5WBJCqvAR-pS1fKOGVbtjdrZtZvkyA==",cdn-downstream-fbl;dur=292 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=245,atl-edge;dur=216,atl-edge-internal;dur=15,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cT0z2hxdiQCpN6tR4FuC_qUaSmAvpHchYuP2BAG85PEmJCmQojhgvw==",cdn-downstream-fbl;dur=248 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1336,15 +1336,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jcLUzSJJcH2lr4rI_RAjoh7N5WBJCqvAR-pS1fKOGVbtjdrZtZvkyA== + - cT0z2hxdiQCpN6tR4FuC_qUaSmAvpHchYuP2BAG85PEmJCmQojhgvw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b85f9b0fb6d13d09aaf12cebba07fbe9 + - bcf07842521df73e5e330a0ab5d06326 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,17 +1370,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1837 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-2962 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18169","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/18169","key":"NTEST-1837","fields":{"statuscategorychangedate":"2025-04-30T18:24:14.691+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19634","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/19634","key":"NTEST-2962","fields":{"statuscategorychangedate":"2025-05-24T12:31:18.264+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:14.432+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00syn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:14.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:17.947+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:18.018+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 (240)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1390,14 +1390,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1837/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18169/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2962/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19634/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9945b432-ca55-43df-a1d5-b7f96990c088 + - 19a1384d-5891-438c-bc5b-f4c425c41053 Atl-Traceid: - - 9945b432ca5543dfa1d5b7f96990c088 + - 19a1384d5891438cbc5bf4c425c41053 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1407,7 +1407,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:20 GMT + - Sat, 24 May 2025 10:31:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
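Review bot: The re-recorded issue response in this hunk stores the recording account's real `emailAddress`, `accountId` and `displayName` in its `creator` and `reporter` objects, and the `X-Aaccountid` response headers in the surrounding header hunks repeat the same account id. The webhook interactions in this cassette already show a scrubbed `Token xxx` value, so credentials appear to be filtered at record time, while identity fields in Jira response bodies and headers are not. Unless a test asserts on these values (not visible here), I would replace them when recording with constructed placeholders such as `"emailAddress":"jira-user@example.invalid"` and `X-Aaccountid: - REDACTED`. Otherwise every re-record commits the identity of whoever ran it, as the switch from the previous account to this one shows. The same fields appear in the earlier issue response, whose hunk starts outside this view.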
@@ -1417,7 +1417,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=356,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="tR9q07J3-NFstnx8WIkmCjB5u9t9eWorAIE7VTxh2U6imF2a3iZDNw==",cdn-downstream-fbl;dur=360 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=224,atl-edge-internal;dur=19,atl-edge-upstream;dur=205,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="31uwN65G76F-IOLYjsnt-chvoKwUERVFJ6nOHZ5QiM51vLWjeJiX-Q==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1427,15 +1427,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 124fcc45b0cac625cd0077abe70a7c60.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tR9q07J3-NFstnx8WIkmCjB5u9t9eWorAIE7VTxh2U6imF2a3iZDNw== + - 31uwN65G76F-IOLYjsnt-chvoKwUERVFJ6nOHZ5QiM51vLWjeJiX-Q== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 90564deaf14b017f27106e8d44307237 + - 2a6a423b5b5b7b37ecfc74b95454bc2e X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml index 4ac7d622977..b756882a0a4 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml 
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_create_epic_and_push_findings.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:20.812+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:22.177+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - fb9d84f8-7fcc-47a0-b2a8-f2f7396e55e5 + - 76c8d620-8f3c-4fd4-8f28-8a58f34f35b3 Atl-Traceid: - - fb9d84f87fcc47a0b2a8f2f7396e55e5 + - 76c8d6208f3c4fd48f288a58f34f35b3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:20 GMT + - Sat, 24 May 2025 10:31:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="yyzQRfvG1YUIFJoAlc1gSgVoGoH_xV8hAi8kHuFCzrjMJCKPMyvp7w==",cdn-downstream-fbl;dur=239,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=236,atl-edge;dur=160,atl-edge-internal;dur=14,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=119,atl-edge;dur=111,atl-edge-internal;dur=16,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="y8ObZ7tgKZB7aU2oC3w47suisoqNZf1RnBgz36_JFFxX8Dd-ZvQEWA==",cdn-downstream-fbl;dur=123 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6bddabf0adf0131ec8169647c939d30c.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - yyzQRfvG1YUIFJoAlc1gSgVoGoH_xV8hAi8kHuFCzrjMJCKPMyvp7w== + - y8ObZ7tgKZB7aU2oC3w47suisoqNZf1RnBgz36_JFFxX8Dd-ZvQEWA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 55682b18813025571db780c514ab7fce + - c1f356a197a9893dfa07d433b1804c0b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -102,9 +102,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - ebee5922-17a6-4f23-8a3a-cd163ae56d4b + - 8044b88b-22dd-4c92-98eb-162fa21906f1 Atl-Traceid: - - ebee592217a64f238a3acd163ae56d4b + - 8044b88b22dd4c9298eb162fa21906f1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -114,7 +114,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:21 GMT + - Sat, 24 May 2025 10:31:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -124,7 +124,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="OHJeWAoLBhuwMDeZammSQ2vZAx64GEeSyHS9bVma74Ex3WSWcu5xpA==",cdn-downstream-fbl;dur=391,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=369,atl-edge;dur=293,atl-edge-internal;dur=17,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=276,atl-edge;dur=269,atl-edge-internal;dur=18,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="azjW3CBF88bcVsxyGQ34PdSnFUg8q6JYOMIN2szDaeARZG7hbH8Y-w==",cdn-downstream-fbl;dur=282 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -134,18 +134,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - OHJeWAoLBhuwMDeZammSQ2vZAx64GEeSyHS9bVma74Ex3WSWcu5xpA== + - azjW3CBF88bcVsxyGQ34PdSnFUg8q6JYOMIN2szDaeARZG7hbH8Y-w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 90d02fc5520cdc1fd545d54bdaf82924 + - 6b1e4d94f3c420f63c0b29e78b625028 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -178,12 +178,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18173","key":"NTEST-1839","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18173"}' + string: '{"id":"19636","key":"NTEST-2964","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19636"}' headers: Atl-Request-Id: - - e43a62ad-ef63-4348-b97b-d973f459f771 + - 96fcd80e-2710-4931-abc0-f9d9dacbeed3 Atl-Traceid: - - e43a62adef634348b97bd973f459f771 + - 96fcd80e27104931abc0f9d9dacbeed3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -191,7 +191,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:22 GMT + - Sat, 24 May 2025 10:31:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -201,7 +201,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=771,atl-edge;dur=738,atl-edge-internal;dur=17,atl-edge-upstream;dur=722,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="cy1eDE6dESIcmSm6h1QfSkfTm2LYlkAtBY0eGaYTjeKVecwzThdhDg==",cdn-downstream-fbl;dur=775 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=672,atl-edge;dur=665,atl-edge-internal;dur=16,atl-edge-upstream;dur=649,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="MOBEHcb8kNBtkgnXJQt5LVq8TbqaE_7LddfI1xtLKMqUC1reNIq7Qg==",cdn-downstream-fbl;dur=675 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -211,15 +211,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cy1eDE6dESIcmSm6h1QfSkfTm2LYlkAtBY0eGaYTjeKVecwzThdhDg== + - MOBEHcb8kNBtkgnXJQt5LVq8TbqaE_7LddfI1xtLKMqUC1reNIq7Qg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 659a8fce2b32c5858f581c0c0ffb7028 + - 894a990bc95043b4a8917beb2a83233b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -245,26 +245,26 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1839 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2964 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18173","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18173","key":"NTEST-1839","fields":{"statuscategorychangedate":"2025-04-30T18:24:22.230+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19636","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19636","key":"NTEST-2964","fields":{"statuscategorychangedate":"2025-05-24T12:31:23.211+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1839/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:24:21.906+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"grey","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00sz3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:22.031+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2964/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:31:22.913+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"dark_purple","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:22.986+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"weekly engagement","customfield_10010":null,"customfield_10055":null,"customfield_10011":"weekly engagement","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - 
Do","id":"10016"},"customfield_10013":"ghx-label-12","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"weekly - engagement","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1839/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18173/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-8","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"weekly + engagement","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2964/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19636/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
bf834164-e6e6-436b-9ce7-a70d0e1a7450 + - 9bea86c5-34c5-4700-bcbb-fd32ee46d82d Atl-Traceid: - - bf834164e6e6436b9ce7a70d0e1a7450 + - 9bea86c534c54700bcbbfd32ee46d82d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -274,7 +274,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:22 GMT + - Sat, 24 May 2025 10:31:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -284,7 +284,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=389,atl-edge;dur=262,atl-edge-internal;dur=15,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="hhKmRUcMXPoxVEV4bBOJ7LNj6ZAKYnBYol1TkWQhRzShUlVgvwOOuw==",cdn-downstream-fbl;dur=394 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=266,atl-edge;dur=247,atl-edge-internal;dur=18,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="c-MpdAngw6jlm4mUDleoaQsBKOhdZz59CLGszYXi94RMBmxBrkUogA==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -294,15 +294,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - hhKmRUcMXPoxVEV4bBOJ7LNj6ZAKYnBYol1TkWQhRzShUlVgvwOOuw== + - c-MpdAngw6jlm4mUDleoaQsBKOhdZz59CLGszYXi94RMBmxBrkUogA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 03f8f438152b04671c169298b7eb14d2 + - 4b2c96e3aed923d6e92b0d7a0d32f10f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
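Review bot: The re-recorded `GET /rest/api/2/issue/NTEST-2964` response body in this hunk commits the recording user's `emailAddress`, `displayName`, `accountId` and gravatar hash verbatim in the `creator` and `reporter` objects, and the same account id recurs in the `X-Aaccountid` response header in the neighbouring hunks. The later `NTEST-2965` hunk appears to carry the same fields. If these cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites those fields to fixed placeholders (for example `"emailAddress":"user@example.invalid"`) would keep personal identifiers out of the repository. It would also stop a change of recording account from churning every cassette. The cassette's request and response entries continue outside this hunk, so headers not shown here should be checked for the same issue.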
@@ -331,12 +331,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:23.133+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:23.886+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 5334420d-caee-46cb-af6c-5783ead6bf6f + - 8bc40229-b7fa-44e4-a98a-5933a6de8f07 Atl-Traceid: - - 5334420dcaee46cbaf6c5783ead6bf6f + - 8bc40229b7fa44e4a98a5933a6de8f07 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -346,7 +346,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:23 GMT + - Sat, 24 May 2025 10:31:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -356,7 +356,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=196,atl-edge;dur=164,atl-edge-internal;dur=19,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="FFvO2BfIzaI5-hCH9Q4OaizVufkPbSp-NnVhQkwakptjQI43oUei2A==",cdn-downstream-fbl;dur=200 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=16,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vJX9YOXYEZMD1IJpDHSw1L7abIQEdvFfHAP72Tf2NUQJieTWszC4Vw==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -366,15 +366,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FFvO2BfIzaI5-hCH9Q4OaizVufkPbSp-NnVhQkwakptjQI43oUei2A== + - vJX9YOXYEZMD1IJpDHSw1L7abIQEdvFfHAP72Tf2NUQJieTWszC4Vw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e5e253fa1b704676a5fbf3ed758a7b9d + - de5b583ac51bd56f557f706f08e581be X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -412,9 +412,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 181a198d-fc88-4276-b1a5-68c577ecf5eb + - 965243e6-0813-4b85-bf1a-ab1654386623 Atl-Traceid: - - 181a198dfc884276b1a568c577ecf5eb + - 965243e608134b85bf1aab1654386623 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -424,7 +424,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:23 GMT + - Sat, 24 May 2025 10:31:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -434,7 +434,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=395,atl-edge;dur=310,atl-edge-internal;dur=18,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="GX5_CczcRMu-KgCDD4L5l4FEn-iET7n46WNKcbbWO378ID4HbuqNFA==",cdn-downstream-fbl;dur=399 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=284,atl-edge;dur=255,atl-edge-internal;dur=20,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="MsjaIXVv5mCgGvztxIwvh4no0NS0R1fMNSjx2k5qfnpHghdiPb-X8A==",cdn-downstream-fbl;dur=288 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -444,18 +444,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 57f0537bdb26692a5be92bbbe93e4ea2.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - GX5_CczcRMu-KgCDD4L5l4FEn-iET7n46WNKcbbWO378ID4HbuqNFA== + - MsjaIXVv5mCgGvztxIwvh4no0NS0R1fMNSjx2k5qfnpHghdiPb-X8A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 42c77c88b3faf78eb9ebfca7d24c11cc + - 9c3a0c330e67fb2cd33a1fd2c2f6332b X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -470,7 +470,7 @@ interactions: "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/242]\n\n*Defect Dojo link:* http://localhost:8080/finding/242 (242)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -490,7 +490,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -499,12 +499,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18175","key":"NTEST-1840","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175"}' + string: '{"id":"19637","key":"NTEST-2965","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637"}' headers: Atl-Request-Id: - - 6d1c437f-b4b2-432f-a6d7-1365b28dcec4 + - 864a9b7e-2df2-4dfe-80ef-e7197b0e92e0 Atl-Traceid: - - 6d1c437fb4b2432fa6d71365b28dcec4 + - 864a9b7e2df24dfe80efe7197b0e92e0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -512,7 +512,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:24 GMT + - Sat, 24 May 2025 10:31:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -522,7 +522,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="VuShks7FXZ3lWDjyBTPYbjnzStskAcqt_zlbQlBz4i3jqCP5JX-ENQ==",cdn-downstream-fbl;dur=886,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=883,atl-edge;dur=796,atl-edge-internal;dur=47,atl-edge-upstream;dur=749,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=631,atl-edge;dur=623,atl-edge-internal;dur=14,atl-edge-upstream;dur=609,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uZBvIxF7iWDqoTMhpJFYZQcuIFU-Kgwoo0uQYg9MdN4Gd5wP0kod7A==",cdn-downstream-fbl;dur=635 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -532,15 +532,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - VuShks7FXZ3lWDjyBTPYbjnzStskAcqt_zlbQlBz4i3jqCP5JX-ENQ== + - uZBvIxF7iWDqoTMhpJFYZQcuIFU-Kgwoo0uQYg9MdN4Gd5wP0kod7A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 07cec8f0c91a0cc3c78798763f2ca939 + - 8990591459e589967e4c43bfca3b60d0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -566,17 +566,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18175","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175","key":"NTEST-1840","fields":{"statuscategorychangedate":"2025-04-30T18:24:24.572+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19637","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637","key":"NTEST-2965","fields":{"statuscategorychangedate":"2025-05-24T12:31:24.895+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:24.264+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:24.369+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:24.619+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:24.689+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/242]\n\n*Defect Dojo link:* http://localhost:8080/finding/242 (242)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -586,14 +586,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8028a642-1162-47f2-b5b6-7ea7ac887516 + - 7390aca6-4009-4152-b273-57b4ef56ce27 Atl-Traceid: - - 8028a642116247f2b5b67ea7ac887516 + - 7390aca640094152b27357b4ef56ce27 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -603,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:25 GMT + - Sat, 24 May 2025 10:31:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
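Review bot: The re-recorded response body in this hunk stores the recording account's `emailAddress`, `accountId` and gravatar hash verbatim in the `creator` and `reporter` objects. The `@@ -677,14 +677,14 @@` hunk repeats them, and the header hunks that follow keep the same account id under `X-Aaccountid`. Because the cassette is committed with the test suite, these values should be scrubbed at record time, for example with a vcrpy `before_record_response` hook that rewrites them to constructed placeholders such as `"emailAddress":"user@example.com"`. The assertions here appear to depend on issue keys and ids rather than on who recorded the cassette, so replay should be unaffected, but that needs confirming against the tests. Whether request-side credentials are already filtered cannot be seen from this hunk, and the recorder configuration is worth checking for that as well.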
@@ -613,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=343,atl-edge;dur=261,atl-edge-internal;dur=16,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="BAF8i7sEHRFnMlaaEOL7U8FMP4KLRzPO-7ymqzfNjGPgS8BFV2O1mg==",cdn-downstream-fbl;dur=347 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=244,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="j6RUmPJjjWy3TOLogJA8MT3hR4oSZ9G-eEIvRj-5GwoNsdaUox3yXw==",cdn-downstream-fbl;dur=247 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -623,15 +623,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2bdfafaaaec33c116889588ecd9de280.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BAF8i7sEHRFnMlaaEOL7U8FMP4KLRzPO-7ymqzfNjGPgS8BFV2O1mg== + - j6RUmPJjjWy3TOLogJA8MT3hR4oSZ9G-eEIvRj-5GwoNsdaUox3yXw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - e45067186e2515b7e4d253d152228711 + - 596152a89519fdd35b3a85f73d2d7806 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -657,17 +657,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18175 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19637 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18175","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175","key":"NTEST-1840","fields":{"statuscategorychangedate":"2025-04-30T18:24:24.572+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19637","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637","key":"NTEST-2965","fields":{"statuscategorychangedate":"2025-05-24T12:31:24.895+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:24.264+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:24.369+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:24.619+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:24.689+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/242]\n\n*Defect Dojo link:* http://localhost:8080/finding/242 (242)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -677,14 +677,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - bcf59cd6-aeaa-4968-b62b-eec3decbe4e7 + - e82bea0e-d00e-4cba-a7ba-5cf38c6c92e5 Atl-Traceid: - - bcf59cd6aeaa4968b62beec3decbe4e7 + - e82bea0ed00e4cbaa7ba5cf38c6c92e5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -694,7 +694,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:25 GMT + - Sat, 24 May 2025 10:31:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -704,7 +704,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="h9ovZ_dgBz0RTixcgLbVINKl4QAg0_Hu3sswm82J3_hmULlVoBSzRQ==",cdn-downstream-fbl;dur=330,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=327,atl-edge;dur=243,atl-edge-internal;dur=17,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=237,atl-edge;dur=229,atl-edge-internal;dur=15,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UGDmU_LKpWrHztatajIpOhSlh6i072BtZhmmLEMcS5I674_vM1NhLw==",cdn-downstream-fbl;dur=241 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -714,15 +714,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b1383a69c949c8987c982636bd26b4f2.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - h9ovZ_dgBz0RTixcgLbVINKl4QAg0_Hu3sswm82J3_hmULlVoBSzRQ== + - UGDmU_LKpWrHztatajIpOhSlh6i072BtZhmmLEMcS5I674_vM1NhLw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 398d5988d15e26858991ea16f73ddddd + - 3a841df99289e098656fe733ae738ed5 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -733,7 +733,7 @@ interactions: code: 200 message: OK - request: - body: '{"issues": ["18175"]}' + body: '{"issues": ["19637"]}' headers: Accept: - application/json,*/*;q=0.9 
@@ -750,15 +750,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/18173/issue + uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/19636/issue response: body: string: '' headers: Atl-Request-Id: - - 51755e0b-aaa4-4a77-8a94-8fec20bc5c40 + - 8d882479-8c95-4653-9a65-38b91a5f7ffd Atl-Traceid: - - 51755e0baaa44a778a948fec20bc5c40 + - 8d8824798c9546539a6538b91a5f7ffd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -766,7 +766,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:26 GMT + - Sat, 24 May 2025 10:31:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -776,7 +776,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="yUm08xc-DSCjKhOYW0xwkM3p4CFPGu3sK2RIzcDfti5IJYWbNa0YFA==",cdn-downstream-fbl;dur=559,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=557,atl-edge;dur=481,atl-edge-internal;dur=16,atl-edge-upstream;dur=466,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=518,atl-edge;dur=489,atl-edge-internal;dur=17,atl-edge-upstream;dur=474,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="d4VqlE_4VNPEctIDmjJTgq7QbVPO--cxSvOQTHF7kluHT3yXHiLg4A==",cdn-downstream-fbl;dur=523 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -784,15 +784,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - yUm08xc-DSCjKhOYW0xwkM3p4CFPGu3sK2RIzcDfti5IJYWbNa0YFA== + - d4VqlE_4VNPEctIDmjJTgq7QbVPO--cxSvOQTHF7kluHT3yXHiLg4A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 2b660ecc0576b31f20e735a5eb21d679 + - 018fff38b8eb7be767ebd3ae427e1bdb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -821,12 +821,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:26.653+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:26.474+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 86b0ada6-4bae-4182-a934-8ffa6c933b77 + - 2f807db5-09bb-4b6a-9442-fe67ae95ca88 Atl-Traceid: - - 86b0ada64bae4182a9348ffa6c933b77 + - 2f807db509bb4b6a9442fe67ae95ca88 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -836,7 +836,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:26 GMT + - Sat, 24 May 2025 10:31:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -846,7 +846,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="DDJ_i95FgG_REM4FvOzgzvY6c5TZkyddikx-TC64VDjN8W-G7hsd5A==",cdn-downstream-fbl;dur=226,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=223,atl-edge;dur=145,atl-edge-internal;dur=15,atl-edge-upstream;dur=131,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=132,atl-edge;dur=104,atl-edge-internal;dur=15,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iHS8vjsHRTKER_Ps0bmSaTUuLcncYE7xwoW1-qxt4nkULaXtNFXaCg==",cdn-downstream-fbl;dur=136 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -856,15 +856,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - DDJ_i95FgG_REM4FvOzgzvY6c5TZkyddikx-TC64VDjN8W-G7hsd5A== + - iHS8vjsHRTKER_Ps0bmSaTUuLcncYE7xwoW1-qxt4nkULaXtNFXaCg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 3e2d7d62a2b6edd873157d27846019f5 + - 63f86dcb501d068eb9615d665d0729af X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -902,9 +902,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - af975a6d-fa5b-4fb9-8c75-ff50f78ab4b6 + - 088b971f-9919-4cb4-aeac-4fd0fc1bbf6f Atl-Traceid: - - af975a6dfa5b4fb98c75ff50f78ab4b6 + - 088b971f99194cb4aeac4fd0fc1bbf6f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -914,7 +914,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:27 GMT + - Sat, 24 May 2025 10:31:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -924,7 +924,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=335,atl-edge;dur=303,atl-edge-internal;dur=17,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="lVRNXvjF5mmrqMAkN7wUHFSXPVMRDyJGaUfWOqH_3CgntPUvBNPjbw==",cdn-downstream-fbl;dur=339 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=293,atl-edge;dur=286,atl-edge-internal;dur=16,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AKzaXkvhQwfPenEWBj8me_xfB6GdYlcM-ml8bf4O_KN4vSjKF3CVww==",cdn-downstream-fbl;dur=297 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -934,18 +934,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - lVRNXvjF5mmrqMAkN7wUHFSXPVMRDyJGaUfWOqH_3CgntPUvBNPjbw== + - AKzaXkvhQwfPenEWBj8me_xfB6GdYlcM-ml8bf4O_KN4vSjKF3CVww== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 98a8c783a5a6907be2a7b9038b546aed + - 1b8adef3745841888570943faf87ae86 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -960,7 +960,7 @@ interactions: "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/243]\n\n*Defect Dojo link:* http://localhost:8080/finding/243 (243)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -980,7 +980,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -989,12 +989,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18177","key":"NTEST-1841","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18177"}' + string: '{"id":"19638","key":"NTEST-2966","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19638"}' headers: Atl-Request-Id: - - d5e4719b-f89d-4a43-874b-633a1cf15015 + - fe6b6658-25f4-4ee7-940c-14b3409186eb Atl-Traceid: - - d5e4719bf89d4a43874b633a1cf15015 + - fe6b665825f44ee7940c14b3409186eb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1002,7 +1002,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:27 GMT + - Sat, 24 May 2025 10:31:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1012,7 +1012,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="A3jzDAVujahCROGSWXr83UGejnh0ixHpejJzsCEXFz3BI2wxgh8ciQ==",cdn-downstream-fbl;dur=795,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=95,cdn-upstream-fbl;dur=793,atl-edge;dur=665,atl-edge-internal;dur=15,atl-edge-upstream;dur=650,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=713,atl-edge;dur=706,atl-edge-internal;dur=17,atl-edge-upstream;dur=689,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QOzLtThmrR1v1T2o7C1o15t6Ylc-HyoRR3RbN3DIcJcC_VCFybyO1A==",cdn-downstream-fbl;dur=716 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1022,15 +1022,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - A3jzDAVujahCROGSWXr83UGejnh0ixHpejJzsCEXFz3BI2wxgh8ciQ== + - QOzLtThmrR1v1T2o7C1o15t6Ylc-HyoRR3RbN3DIcJcC_VCFybyO1A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 52f8e2bd1432d244620481d4c776e84e + - 7db021c113499c450c25dd19e4637693 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1056,17 +1056,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18177","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18177","key":"NTEST-1841","fields":{"statuscategorychangedate":"2025-04-30T18:24:27.900+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19638","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19638","key":"NTEST-2966","fields":{"statuscategorychangedate":"2025-05-24T12:31:27.580+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:27.607+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:27.693+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:27.251+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010a7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:27.336+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/243]\n\n*Defect Dojo link:* http://localhost:8080/finding/243 (243)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1076,14 +1076,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18177/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19638/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 17d724ea-fc67-4132-ada5-c7481d5b2808 + - 61f1e6cd-8b98-49a7-ab95-98e181bdaddb Atl-Traceid: - - 17d724eafc674132ada5c7481d5b2808 + - 61f1e6cd8b9849a7ab9598e181bdaddb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1093,7 +1093,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:28 GMT + - Sat, 24 May 2025 10:31:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
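Review bot: The re-recorded response body in this hunk commits the recording user's Atlassian `accountId`, `emailAddress`, `displayName` and gravatar hash inside the `creator` and `reporter` objects. The same values recur in the hunk at -1167 and in the `X-Aaccountid` response headers of the neighbouring hunks. The webhook interactions further down show the token already masked as `Token xxx`, so some scrubbing exists, but it does not appear to cover these fields. If the cassettes are recorded with vcrpy, a `before_record_response` hook that replaces `emailAddress`, `accountId` and `avatarUrls` with fixed placeholders and drops `X-Aaccountid` would keep personal identifiers out of the repository and stop them changing on every re-record. The recorded interaction begins and ends outside this hunk.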
@@ -1103,7 +1103,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=289,atl-edge-internal;dur=18,atl-edge-upstream;dur=271,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JeLpKEdBNF7wRraM9HSj-H8FemLZ-6WOGl8r3Rr4oQHZA3GYW337Bw==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=228,atl-edge;dur=220,atl-edge-internal;dur=17,atl-edge-upstream;dur=204,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kk2hGda94OwwuxhRrg8nwtEKmhRdA3zb49sED7mTCU_KUpP_YZvhPQ==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1113,15 +1113,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JeLpKEdBNF7wRraM9HSj-H8FemLZ-6WOGl8r3Rr4oQHZA3GYW337Bw== + - kk2hGda94OwwuxhRrg8nwtEKmhRdA3zb49sED7mTCU_KUpP_YZvhPQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - eb0833743e7d9ebe88f64862319a7103 + - bd4bc3c3a6c9dc4db62a7e381d966083 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1147,17 +1147,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18177 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19638 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18177","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18177","key":"NTEST-1841","fields":{"statuscategorychangedate":"2025-04-30T18:24:27.900+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19638","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19638","key":"NTEST-2966","fields":{"statuscategorychangedate":"2025-05-24T12:31:27.580+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:27.607+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:27.693+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:27.251+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010a7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:27.336+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/243]\n\n*Defect Dojo link:* http://localhost:8080/finding/243 (243)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1167,14 +1167,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18177/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19638/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 072d6799-cc4c-4d67-957f-3e861e16f690 + - aaf872f9-a5b8-4c9b-a1c4-063f13b95765 Atl-Traceid: - - 072d6799cc4c4d67957f3e861e16f690 + - aaf872f9a5b84c9ba1c4063f13b95765 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1184,7 +1184,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:28 GMT + - Sat, 24 May 2025 10:31:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1194,7 +1194,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="_q5OOeXVKn81MIgV3h4cp4BGSgKAa6BNBh9YNAG-lJZI0JYYOO4agg==",cdn-downstream-fbl;dur=344,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=341,atl-edge;dur=262,atl-edge-internal;dur=16,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=231,atl-edge;dur=223,atl-edge-internal;dur=16,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="eWmaBOiBckxYUIP5RYwpXzpOmh4YrUtWT3VDXpk3b6PWW6S1K4EtPA==",cdn-downstream-fbl;dur=235 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1204,15 +1204,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0835ebd52ef8594cd8aa4dac9cfbd9a8.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _q5OOeXVKn81MIgV3h4cp4BGSgKAa6BNBh9YNAG-lJZI0JYYOO4agg== + - eWmaBOiBckxYUIP5RYwpXzpOmh4YrUtWT3VDXpk3b6PWW6S1K4EtPA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 246a91926239818147f9ee07920c41c7 + - 0c3b5afc9662d617d30721f369abca7b X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1223,7 +1223,7 @@ interactions: code: 200 message: OK - request: - body: '{"issues": ["18177"]}' + body: '{"issues": ["19638"]}' headers: Accept: - application/json,*/*;q=0.9 
@@ -1240,15 +1240,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/18173/issue + uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/19636/issue response: body: string: '' headers: Atl-Request-Id: - - c329894a-a51d-4802-94bc-c2f385ae98fa + - 919fba56-0a74-4259-a3f3-68a975f351fd Atl-Traceid: - - c329894aa51d480294bcc2f385ae98fa + - 919fba560a744259a3f368a975f351fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1256,7 +1256,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:29 GMT + - Sat, 24 May 2025 10:31:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1266,7 +1266,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="QTXHtZCGejRsEG4UOsSCNHhoAezqkxDj5H9kzGzcbqDUOWCY4rSk8w==",cdn-downstream-fbl;dur=478,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=476,atl-edge;dur=390,atl-edge-internal;dur=16,atl-edge-upstream;dur=374,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=396,atl-edge;dur=388,atl-edge-internal;dur=15,atl-edge-upstream;dur=374,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cS0upYh65VI65dARsdIGV1EiXBpl7FmT9acUSlVyCtyPpspxtA4icg==",cdn-downstream-fbl;dur=400 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1274,15 +1274,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QTXHtZCGejRsEG4UOsSCNHhoAezqkxDj5H9kzGzcbqDUOWCY4rSk8w== + - cS0upYh65VI65dARsdIGV1EiXBpl7FmT9acUSlVyCtyPpspxtA4icg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 9417bedc97ff40d9458ea21c38078a3f + - ffc4c1cc59886031b0abd78316ca7b88 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1316,7 +1316,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: @@ -1330,9 +1330,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"828\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:55190\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:52690\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": @@ -1368,7 +1368,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:29 GMT + - Sat, 24 May 2025 10:31:27 GMT Transfer-Encoding: - chunked status: 
@@ -1405,7 +1405,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: @@ -1419,9 +1419,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1300\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:55200\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:52704\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": @@ -1472,7 +1472,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:29 GMT + - Sat, 24 May 2025 10:31:27 GMT Transfer-Encoding: - chunked status: 
@@ -1497,12 +1497,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:29.894+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:28.997+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - f4d1d2a1-f67d-41d3-848e-9094c845f57b + - 29107718-cc46-4c1f-aea4-ebd48c14e3a8 Atl-Traceid: - - f4d1d2a1f67d41d3848e9094c845f57b + - 29107718cc464c1faea4ebd48c14e3a8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1512,7 +1512,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:29 GMT + - Sat, 24 May 2025 10:31:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1522,7 +1522,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=193,atl-edge;dur=160,atl-edge-internal;dur=14,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="xYUCneea-joioc43qnjgyhIVv7_WEkGZeHhR6O019v4ViEDiId4J7w==",cdn-downstream-fbl;dur=197 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=126,atl-edge;dur=118,atl-edge-internal;dur=13,atl-edge-upstream;dur=104,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="O0_IOozWhVQnOuk_uU18n9MSHT3f5BaR0ee73j8IE-t44BagRVk4Ag==",cdn-downstream-fbl;dur=130 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1532,15 +1532,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - xYUCneea-joioc43qnjgyhIVv7_WEkGZeHhR6O019v4ViEDiId4J7w== + - O0_IOozWhVQnOuk_uU18n9MSHT3f5BaR0ee73j8IE-t44BagRVk4Ag== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c4710fa45092f2e4b0580f4144a02fde + - 52fddb89e045a1b0765d6fd7c27ee703 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1566,22 +1566,22 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/NTEST-1839/issue + uri: https://defectdojo.atlassian.net/rest/agile/1.0/epic/NTEST-2964/issue response: body: - string: '{"expand":"schema,names","startAt":0,"maxResults":50,"total":2,"issues":[{"expand":"operations,versionedRepresentations,editmeta,changelog,renderedFields","id":"18175","self":"https://defectdojo.atlassian.net/rest/agile/1.0/issue/18175","key":"NTEST-1840","fields":{"statuscategorychangedate":"2025-04-30T18:24:24.572+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"parent":{"id":"18173","key":"NTEST-1839","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18173","fields":{"summary":"weekly + string: '{"expand":"schema,names","startAt":0,"maxResults":50,"total":2,"issues":[{"expand":"operations,versionedRepresentations,editmeta,changelog,renderedFields","id":"19637","self":"https://defectdojo.atlassian.net/rest/agile/1.0/issue/19637","key":"NTEST-2965","fields":{"statuscategorychangedate":"2025-05-24T12:31:24.895+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"parent":{"id":"19636","key":"NTEST-2964","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19636","fields":{"summary":"weekly 
engagement","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1}}},"timespent":null,"sprint":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:24:24.264+0200","customfield_10020":null,"customfield_10021":null,"epic":{"id":18173,"key":"NTEST-1839","self":"https://defectdojo.atlassian.net/rest/agile/1.0/epic/18173","name":"weekly - engagement","summary":"weekly engagement","color":{"key":"color_12"},"issueColor":{"key":"purple"},"done":false},"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:26.079+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"timeoriginalestimate":null,"customfield_10051":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:31:24.619+0200","customfield_10020":null,"customfield_10021":null,"epic":{"id":19636,"key":"NTEST-2964","self":"https://defectdojo.atlassian.net/rest/agile/1.0/epic/19636","name":"weekly + engagement","summary":"weekly engagement","color":{"key":"color_8"},"issueColor":{"key":"purple"},"done":false},"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:25.913+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"timeoriginalestimate":null,"customfield_10051":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/242]\n\n*Defect Dojo link:* http://localhost:8080/finding/242 (242)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1590,22 +1590,22 @@ interactions: contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":"NTEST-1839","timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"security":null,"customfield_10007":null,"customfield_10008":null,"customfield_10009":null,"aggregatetimeestimate":null,"attachment":[],"flagged":false,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"customfield_10044":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}},{"expand":"operations,versionedRepresentations,editmeta,changelog,renderedFields","id":"18177","self":"https://defectdojo.atlassian.net/rest/agile/1.0/issue/18177","key":"NTEST-1841","fields":{"statuscategorychangedate":"2025-04-30T18:24:27.900+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"parent":{"id":"18173","key":"NTEST-1839","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18173","fields":{"summary":"weekly + [(admin) ()|mailto:]\n","customfield_10053":null,"customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":"NTEST-2964","timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"security":null,"customfield_10007":null,"customfield_10008":null,"customfield_10009":null,"aggregatetimeestimate":null,"attachment":[],"flagged":false,"summary":"Zap1: + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"customfield_10044":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}},{"expand":"operations,versionedRepresentations,editmeta,changelog,renderedFields","id":"19638","self":"https://defectdojo.atlassian.net/rest/agile/1.0/issue/19638","key":"NTEST-2966","fields":{"statuscategorychangedate":"2025-05-24T12:31:27.580+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"parent":{"id":"19636","key":"NTEST-2964","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19636","fields":{"summary":"weekly engagement","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1}}},"timespent":null,"sprint":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:24:27.607+0200","customfield_10020":null,"customfield_10021":null,"epic":{"id":18173,"key":"NTEST-1839","self":"https://defectdojo.atlassian.net/rest/agile/1.0/epic/18173","name":"weekly - engagement","summary":"weekly engagement","color":{"key":"color_12"},"issueColor":{"key":"purple"},"done":false},"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:29.335+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:31:27.251+0200","customfield_10020":null,"customfield_10021":null,"epic":{"id":19636,"key":"NTEST-2964","self":"https://defectdojo.atlassian.net/rest/agile/1.0/epic/19636","name":"weekly + engagement","summary":"weekly engagement","color":{"key":"color_8"},"issueColor":{"key":"purple"},"done":false},"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010a7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:28.534+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"timeoriginalestimate":null,"customfield_10051":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/243]\n\n*Defect Dojo link:* http://localhost:8080/finding/243 (243)\n\n*Severity:* 
Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
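Review bot: The re-recorded response body in this hunk stores the recording user's real Jira identity in both the `creator` and `reporter` objects: `emailAddress`, `displayName`, `accountId` and the gravatar hash inside `avatarUrls`. The same `accountId` is also written to the `X-Aaccountid` response headers in the earlier hunks, and presumably to the new side of the following `@@ -1614` hunk, which is cut off in this view. The removed lines show the previous recording carried another user's details in the same fields, so every re-record commits one more maintainer's account data to the repository. Unless a test asserts on these fields (not visible here), scrub them at record time, for example with vcrpy's `before_record_response` hook, so the cassette holds a placeholder such as `"emailAddress":"redacted@example.invalid"` (constructed value) and the `X-Aaccountid` header is dropped.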
@@ -1614,15 +1614,15 @@ interactions: contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":"NTEST-1839","timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"security":null,"customfield_10007":null,"customfield_10008":null,"customfield_10009":null,"aggregatetimeestimate":null,"attachment":[],"flagged":false,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"customfield_10044":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18177/comment","maxResults":0,"total":0,"startAt":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1841/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}]}' + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":"NTEST-2964","timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"security":null,"customfield_10007":null,"customfield_10008":null,"customfield_10009":null,"aggregatetimeestimate":null,"attachment":[],"flagged":false,"summary":"Zap2: + Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"customfield_10044":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19638/comment","maxResults":0,"total":0,"startAt":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2966/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}]}' headers: Atl-Request-Id: - - 
e6cb1789-3b05-4a4f-b487-8debc05e5c51 + - 26ab0899-2264-49a8-a4f5-9311e139226a Atl-Traceid: - - e6cb17893b054a4fb4878debc05e5c51 + - 26ab0899226449a8a4f59311e139226a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1632,7 +1632,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:30 GMT + - Sat, 24 May 2025 10:31:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1642,7 +1642,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=455,atl-edge-internal;dur=16,atl-edge-upstream;dur=439,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6V1nbyPTc9N8A-I7m7P1T-uerPyqWKmFmxolT0vAH48R5BGVYvD1WQ==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=481,atl-edge-internal;dur=17,atl-edge-upstream;dur=464,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="bHw3EoWcK1Z9V-IoE694rHBn_mxJVnwfHNnrfOmvsYzFrFUvef02ag==",cdn-downstream-fbl;dur=492 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1652,15 +1652,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6V1nbyPTc9N8A-I7m7P1T-uerPyqWKmFmxolT0vAH48R5BGVYvD1WQ== + - bHw3EoWcK1Z9V-IoE694rHBn_mxJVnwfHNnrfOmvsYzFrFUvef02ag== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e9cf62b32492074dd68e4f57d23c68c9 + - 0a1b0b6b7ec783d2301dbcff3f98837d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
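Review bot: The re-recorded response body in the `@@ -1614` hunk commits a real person's `emailAddress`, `displayName`, Atlassian `accountId` and Gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the `@@ -1652` hunk repeats the account id. The same values recur in the other re-recorded interactions of this cassette (for example the `NTEST-2965` issue response and the later `X-Aaccountid` headers) and in the next cassette file. As far as these hunks show, the tests do not need the real identity, so it would be safer to scrub it at record time; if these are vcrpy recordings, a `before_record_response` hook can rewrite the body and drop the header before it is written to disk. A constructed placeholder such as `"emailAddress":"jira-user@example.invalid"` with a fixed dummy `accountId` would also keep future re-recordings from churning these lines whenever a different maintainer records them.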
@@ -1689,12 +1689,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:30.760+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:29.745+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e6bf17d6-aa16-4fe8-8c5e-fb8ffcb1d963 + - f55372a4-bd09-4621-be66-af358e07dd81 Atl-Traceid: - - e6bf17d6aa164fe88c5efb8ffcb1d963 + - f55372a4bd094621be66af358e07dd81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1704,7 +1704,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:30 GMT + - Sat, 24 May 2025 10:31:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1714,7 +1714,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=196,atl-edge;dur=164,atl-edge-internal;dur=13,atl-edge-upstream;dur=151,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="BKtP-0kTsEvxCM0ryi1v0vhZUsT1CnzAyYG5Nbzm0BgYLPptpdXTCg==",cdn-downstream-fbl;dur=201 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=104,atl-edge-internal;dur=13,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="S_5VXFmYkzIZkv7yvYROVO7-j1Ib7Y5LUkf9Lnwi9qBNsraxW0BoJQ==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1724,15 +1724,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BKtP-0kTsEvxCM0ryi1v0vhZUsT1CnzAyYG5Nbzm0BgYLPptpdXTCg== + - S_5VXFmYkzIZkv7yvYROVO7-j1Ib7Y5LUkf9Lnwi9qBNsraxW0BoJQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e77b3415d3935b4e8d5c9730c41f57ad + - 95ca9d67052732ee960f03be8e0e5208 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1877,9 +1877,9 @@ interactions: date\",\"custom\":false,\"orderable\":true,\"navigable\":true,\"searchable\":true,\"clauseNames\":[\"due\",\"duedate\"],\"schema\":{\"type\":\"date\",\"system\":\"duedate\"}},{\"id\":\"comment\",\"key\":\"comment\",\"name\":\"Comment\",\"custom\":false,\"orderable\":true,\"navigable\":false,\"searchable\":true,\"clauseNames\":[\"comment\"],\"schema\":{\"type\":\"comments-page\",\"system\":\"comment\"}}]" headers: Atl-Request-Id: - - a415949e-5bb0-45fe-93c6-64a4e7a14d46 + - 743ea4c8-cc42-4a36-bd18-cc2364fd8891 Atl-Traceid: - - a415949e5bb045fe93c664a4e7a14d46 + - 743ea4c8cc424a36bd18cc2364fd8891 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1889,7 +1889,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:31 GMT + - Sat, 24 May 2025 10:31:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1899,7 +1899,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=313,atl-edge;dur=239,atl-edge-internal;dur=18,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="gHJLczD53NCDNH-n8EyHzBVVp36dkbAUggSCbtW5xhKQsrhtad32WQ==",cdn-downstream-fbl;dur=317 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=228,atl-edge;dur=220,atl-edge-internal;dur=14,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OpXJVzkSrE5sMThg6Xg4ImtrVEeMPhiyOmYTYWjSL3pp4cyQ2VQ6YQ==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1909,15 +1909,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 452324c4cfd54555e3a2d8c074edaf78.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gHJLczD53NCDNH-n8EyHzBVVp36dkbAUggSCbtW5xhKQsrhtad32WQ== + - OpXJVzkSrE5sMThg6Xg4ImtrVEeMPhiyOmYTYWjSL3pp4cyQ2VQ6YQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 067ea7c9e084501f4058b3d624d41bfb + - 0d77ab6960d496a59437c0e44c31da3d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1943,21 +1943,21 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1840 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-2965 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18175","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/18175","key":"NTEST-1840","fields":{"statuscategorychangedate":"2025-04-30T18:24:24.572+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"parent":{"id":"18173","key":"NTEST-1839","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18173","fields":{"summary":"weekly + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19637","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/19637","key":"NTEST-2965","fields":{"statuscategorychangedate":"2025-05-24T12:31:24.895+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"parent":{"id":"19636","key":"NTEST-2964","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19636","fields":{"summary":"weekly 
engagement","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1}}},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:24.264+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:26.079+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:24.619+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0109z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:25.913+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/242]\n\n*Defect Dojo link:* http://localhost:8080/finding/242 (242)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 
21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/93]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1966,15 +1966,15 @@ interactions: contains sensitive information or is a session token, then\nit should always be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":"NTEST-1839","timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1840/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18175/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":"NTEST-2964","timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: + Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2965/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19637/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
f0f3413f-4ed7-4bac-958c-0f88c4b26d15 + - b792e6ab-4689-46b0-a4e6-054b334edcdb Atl-Traceid: - - f0f3413f4ed74bac958c0f88c4b26d15 + - b792e6ab468946b0a4e6054b334edcdb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1984,7 +1984,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:31 GMT + - Sat, 24 May 2025 10:31:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1994,7 +1994,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=288,atl-edge-internal;dur=15,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="V3HDy13J7Li6R4hiLyawZyf2K7TOyokIpUw_sThNAswx4DM0zl2pew==",cdn-downstream-fbl;dur=324 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="3R82x-FTgpXleSrhwW-6H4ll6j6oCNKE9cXEkohZaMBZiSIXs5pr_w==",cdn-downstream-fbl;dur=277,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=275,atl-edge;dur=245,atl-edge-internal;dur=15,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2004,15 +2004,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1b7fa09f50c08a88d619f90eef5ee94a.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - V3HDy13J7Li6R4hiLyawZyf2K7TOyokIpUw_sThNAswx4DM0zl2pew== + - 3R82x-FTgpXleSrhwW-6H4ll6j6oCNKE9cXEkohZaMBZiSIXs5pr_w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2490bd8150b4255fe526320d6ef59121 + - 8ff472eb6b9d1bf34dd46f0d72b2ddbe X-Cache: - Miss from cloudfront X-Content-Type-Options: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml index 29a68f766ba..6141f0ba3bf 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_engagement_epic_mapping_enabled_no_epic_and_push_findings.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:32.157+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:30.663+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 0eabb628-169c-4772-adbb-27c5651adeb6 + - 0f4ce19f-42ea-4fb5-92b0-46e4c3f38533 Atl-Traceid: - - 0eabb628169c4772adbb27c5651adeb6 + - 0f4ce19f42ea4fb592b046e4c3f38533 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:32 GMT + - Sat, 24 May 2025 10:31:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=189,atl-edge;dur=157,atl-edge-internal;dur=15,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JtmTv8z9anvfqf-huLNs3VdG4oGCpLXlv9AAVkaI2NEaTxvr-YUkPg==",cdn-downstream-fbl;dur=194 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=103,atl-edge-internal;dur=15,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="lzusMaQD4TzfpAvfKgVdKifTMvHawH3ZsaVqF_G5M-aXZJG98xYkqQ==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JtmTv8z9anvfqf-huLNs3VdG4oGCpLXlv9AAVkaI2NEaTxvr-YUkPg== + - lzusMaQD4TzfpAvfKgVdKifTMvHawH3ZsaVqF_G5M-aXZJG98xYkqQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e55afd2881afe3f291c2675b47b9dbe1 + - b72c1f3b37687362e4392f601f3200b5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3dcbaee4-3644-4be3-a68c-df3639aba4d6 + - 8d7bdea3-cf89-4a66-8d86-7d1f3e6e1f72 Atl-Traceid: - - 3dcbaee436444be3a68cdf3639aba4d6 + - 8d7bdea3cf894a668d867d1f3e6e1f72 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:32 GMT + - Sat, 24 May 2025 10:31:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="NyphyzrQ_zatLJtxKMxIVaBaL5dxUGsw-RBZBJH3zTcDje5opgLJQQ==",cdn-downstream-fbl;dur=383,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=381,atl-edge;dur=295,atl-edge-internal;dur=16,atl-edge-upstream;dur=279,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=243,atl-edge;dur=237,atl-edge-internal;dur=16,atl-edge-upstream;dur=221,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-BohB2Yx090VIWszLp1hlaSuorviDOwLlzyXHlKm76WNQvceIHYe_A==",cdn-downstream-fbl;dur=247 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - NyphyzrQ_zatLJtxKMxIVaBaL5dxUGsw-RBZBJH3zTcDje5opgLJQQ== + - -BohB2Yx090VIWszLp1hlaSuorviDOwLlzyXHlKm76WNQvceIHYe_A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - a75cddd7cce8c419f8afe3e068b05b30 + - fa9a0b3890633e01832dc65b8e56fe7c X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -157,7 +157,7 @@ interactions: "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/244]\n\n*Defect Dojo link:* http://localhost:8080/finding/244 (244)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18179","key":"NTEST-1842","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18179"}' + string: '{"id":"19639","key":"NTEST-2967","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19639"}' headers: Atl-Request-Id: - - 4aa9e1ad-5284-4689-9b0e-29c95117f55f + - d8283e9d-ef8f-4949-9348-b606a40f60fb Atl-Traceid: - - 4aa9e1ad528446899b0e29c95117f55f + - d8283e9def8f49499348b606a40f60fb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:33 GMT + - Sat, 24 May 2025 10:31:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="es53V5kXW031qAH73tq5CpX4-irKBHH5LRYKStywgY3zbHgczwrgDw==",cdn-downstream-fbl;dur=826,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=824,atl-edge;dur=750,atl-edge-internal;dur=18,atl-edge-upstream;dur=731,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=864,atl-edge;dur=857,atl-edge-internal;dur=18,atl-edge-upstream;dur=839,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="lueRAmwRS0nClxpSGh2ZsOm-t4iauRGoj86WR-m4KHCmVelgO5-Fjg==",cdn-downstream-fbl;dur=868 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5a3010bd9376613ba1249daca87b27a2.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - es53V5kXW031qAH73tq5CpX4-irKBHH5LRYKStywgY3zbHgczwrgDw== + - lueRAmwRS0nClxpSGh2ZsOm-t4iauRGoj86WR-m4KHCmVelgO5-Fjg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b1498f4688b2950048ba79013ded67ef + - 2d2963f4e4a5b691b5babbaf197ba609 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,17 +253,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18179","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18179","key":"NTEST-1842","fields":{"statuscategorychangedate":"2025-04-30T18:24:33.499+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19639","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19639","key":"NTEST-2967","fields":{"statuscategorychangedate":"2025-05-24T12:31:31.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:33.171+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:33.267+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:31.352+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010af:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:31.521+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/244]\n\n*Defect Dojo link:* http://localhost:8080/finding/244 (244)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18179/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19639/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c248f949-fa73-4a20-a3e8-ed8fa2a0783c + - a446b098-0584-469d-96f7-1083e00ac6c5 Atl-Traceid: - - c248f949fa734a20a3e8ed8fa2a0783c + - a446b0980584469d96f71083e00ac6c5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:34 GMT + - Sat, 24 May 2025 10:31:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
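Review bot: The re-recorded response body in this hunk commits the recording user's real `emailAddress`, `displayName`, `accountId` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header repeats the account id in the other hunks of this cassette. The `@@ -364,14 +364,14 @@` hunk carries the same body a second time. Because cassettes are regenerated by whoever runs the tests against the live Jira, these values should be scrubbed at record time rather than by hand. If the suite records with vcrpy, as the cassette layout suggests, a `before_record_response` hook could replace those fields with fixed placeholders, e.g. `before_record_response=scrub_jira_identity` (constructed name). The body string starts before this hunk, so only part of it is visible here.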
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=401,atl-edge;dur=272,atl-edge-internal;dur=19,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="zN-NoGPBRSQ0WywjCE42QxdrpPkMlN0VOqtQYWZBsTfq3KMKcl-DWg==",cdn-downstream-fbl;dur=406 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=301,atl-edge;dur=293,atl-edge-internal;dur=16,atl-edge-upstream;dur=277,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="V4EvPVimVn2q6cB4eLPgQpAIRaI3aeEIJfw1vXmZuLBqM3y2mIFqPQ==",cdn-downstream-fbl;dur=304 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zN-NoGPBRSQ0WywjCE42QxdrpPkMlN0VOqtQYWZBsTfq3KMKcl-DWg== + - V4EvPVimVn2q6cB4eLPgQpAIRaI3aeEIJfw1vXmZuLBqM3y2mIFqPQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 767906c7f44a16b6544f620bbfeccf50 + - bd615d21243b7b8dd992423c18545451 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,17 +344,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18179 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19639 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18179","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18179","key":"NTEST-1842","fields":{"statuscategorychangedate":"2025-04-30T18:24:33.499+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19639","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19639","key":"NTEST-2967","fields":{"statuscategorychangedate":"2025-05-24T12:31:31.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:33.171+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:33.267+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:31.352+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010af:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:31.521+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/244]\n\n*Defect Dojo link:* http://localhost:8080/finding/244 (244)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18179/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19639/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - cf841099-e5c5-4456-b21a-eba0970716a6 + - d6a49fb5-6202-4421-9cb8-11970e523f4c Atl-Traceid: - - cf841099e5c54456b21aeba0970716a6 + - d6a49fb5620244219cb811970e523f4c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:34 GMT + - Sat, 24 May 2025 10:31:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=269,atl-edge-internal;dur=19,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="XY3AjGfr7uYnDbbZXQy8Y2fcbzsSHnuNp9_q8uE9ofWyeioO1-H4gw==",cdn-downstream-fbl;dur=307 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=229,atl-edge;dur=222,atl-edge-internal;dur=16,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="NNucISwQNwMLmM5Xs2Wx0_M4O-FgFwjBg1FkGYzyNq1nl8GJOuUxeQ==",cdn-downstream-fbl;dur=233 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c31337642f54c5bd34bb485701d02e8a.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - XY3AjGfr7uYnDbbZXQy8Y2fcbzsSHnuNp9_q8uE9ofWyeioO1-H4gw== + - NNucISwQNwMLmM5Xs2Wx0_M4O-FgFwjBg1FkGYzyNq1nl8GJOuUxeQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - cf2e170882b87e02faf2ae81da0f4588 + - ba44bc8e3ead506a90b7e15d77ac2e45 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
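Review bot: The re-recorded response headers in the `@@ -401,15 +401,15 @@` hunk store a real Atlassian account id under `X-Aaccountid`, and the response bodies in the hunks at `-693` and `-784` repeat that id together with `emailAddress`, `displayName` and Gravatar avatar URLs for the recording user. None of these values looks necessary for replaying the interactions, so scrubbing them at record time would keep personal identifiers out of the repository and stop every re-recording from churning these lines. If the cassettes are recorded with vcrpy, a `before_record_response` hook could rewrite them to a fixed placeholder such as `X-Aaccountid: - REDACTED`. The cassette is a generated file, so the change belongs in the recording configuration, which is not visible in this diff.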
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:34.965+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:32.821+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b36a13de-5ec3-479e-8fb4-245f69d5f314 + - ea1233ce-b158-4d5e-b695-9ffe196fbe6c Atl-Traceid: - - b36a13de5ec3479e8fb4245f69d5f314 + - ea1233ceb1584d5eb6959ffe196fbe6c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:35 GMT + - Sat, 24 May 2025 10:31:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="CTVTagMeCGyIPklg7YMeTn96HNNGKcy0Axik77_CxlpszfDMvP3WPw==",cdn-downstream-fbl;dur=250,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=248,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=105,atl-edge-internal;dur=16,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="39GFOts-8p2r4-oM3CZnYaSBaakwAKBMYNSIQ8uJq5MgZoBAL6eCaA==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c80d7d73c19744418338fdf12216d306.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - CTVTagMeCGyIPklg7YMeTn96HNNGKcy0Axik77_CxlpszfDMvP3WPw== + - 39GFOts-8p2r4-oM3CZnYaSBaakwAKBMYNSIQ8uJq5MgZoBAL6eCaA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 8fe8df260dbc201bb93eabb2eefe7d75 + - f66a027da6131067386b7df07d4a239d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 5ffff061-ce68-4c10-a6f3-9adb0acd624c + - 6bf18163-e2e2-4ea8-a6d1-99aa1de547ef Atl-Traceid: - - 5ffff061ce684c10a6f39adb0acd624c + - 6bf18163e2e24ea8a6d199aa1de547ef Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:35 GMT + - Sat, 24 May 2025 10:31:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="_8HNGv2DooXuFmsEJwnQu_QBNK_WFAIm93mI8mppgnLNDXCFpujAXw==",cdn-downstream-fbl;dur=367,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=364,atl-edge;dur=290,atl-edge-internal;dur=17,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hbRaMe-ifVpZ2GsUIz5XduBLm_EzmSPbnWb0cBYmPSX3RizWUXOiHg==",cdn-downstream-fbl;dur=272,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=270,atl-edge;dur=244,atl-edge-internal;dur=15,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a4888bfa57444daa340ca8dc53629170.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _8HNGv2DooXuFmsEJwnQu_QBNK_WFAIm93mI8mppgnLNDXCFpujAXw== + - hbRaMe-ifVpZ2GsUIz5XduBLm_EzmSPbnWb0cBYmPSX3RizWUXOiHg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 08329a0462432c54173176fe8089dcee + - 49f9c9151337341c8b6d97585750a56a X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -577,7 +577,7 @@ interactions: "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/245]\n\n*Defect Dojo link:* http://localhost:8080/finding/245 (245)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1317' + - '1318' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18181","key":"NTEST-1843","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18181"}' + string: '{"id":"19640","key":"NTEST-2968","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19640"}' headers: Atl-Request-Id: - - 104448a0-ca1b-46ec-a8b3-17d2331dd7bb + - 14446753-7ee1-4e3c-9de9-b904a2994e9f Atl-Traceid: - - 104448a0ca1b46eca8b317d2331dd7bb + - 144467537ee14e3c9de9b904a2994e9f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:36 GMT + - Sat, 24 May 2025 10:31:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=940,atl-edge;dur=813,atl-edge-internal;dur=19,atl-edge-upstream;dur=794,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qyoMT6PLdH-MntELfOCPEww0nSqgcxJlgpo_nPtnhSAcDd7DHprq6Q==",cdn-downstream-fbl;dur=943 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xr6CycXuGi1OcFE1aQNzZPCjIm60E5O_L-69u-wviCUbKrUEfsqJAg==",cdn-downstream-fbl;dur=704,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=701,atl-edge;dur=673,atl-edge-internal;dur=17,atl-edge-upstream;dur=656,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qyoMT6PLdH-MntELfOCPEww0nSqgcxJlgpo_nPtnhSAcDd7DHprq6Q== + - xr6CycXuGi1OcFE1aQNzZPCjIm60E5O_L-69u-wviCUbKrUEfsqJAg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f3bdc8e4ec90cc9fe426f74a299089c9 + - 22c7e4ac677a4cd7764cf99c1a6a637c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,17 +673,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1843 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2968 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18181","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18181","key":"NTEST-1843","fields":{"statuscategorychangedate":"2025-04-30T18:24:36.431+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19640","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19640","key":"NTEST-2968","fields":{"statuscategorychangedate":"2025-05-24T12:31:33.885+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1843/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:36.062+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:36.196+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2968/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:33.583+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010an:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:33.663+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/245]\n\n*Defect Dojo link:* http://localhost:8080/finding/245 (245)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1843/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18181/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2968/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19640/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 03435e7c-e154-41d9-ae71-2241341c8d83 + - 6058b2d1-5975-4aa3-84f8-5efcab7e8cd1 Atl-Traceid: - - 03435e7ce15441d9ae712241341c8d83 + - 6058b2d159754aa384f85efcab7e8cd1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:37 GMT + - Sat, 24 May 2025 10:31:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="yuPelTiMWrU7Ws_KQEBxBizwJDwHNCf5P_6A_fU04XPtS9gD3vh4nA==",cdn-downstream-fbl;dur=354,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=352,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=232,atl-edge-internal;dur=15,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="W-I8CitD9JRLcjsfrjNeH__lLvfEav2sadwSmukIS0fgqsMW0WaI-g==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 596b1ac54ac9ee415236dc72536ba33a.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - yuPelTiMWrU7Ws_KQEBxBizwJDwHNCf5P_6A_fU04XPtS9gD3vh4nA== + - W-I8CitD9JRLcjsfrjNeH__lLvfEav2sadwSmukIS0fgqsMW0WaI-g== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 9454a0fcf1d15e9cf68e58e372dd0b54 + - 35f65996978f2eee7deafd42ac0f9567 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,17 +764,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18181 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19640 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18181","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18181","key":"NTEST-1843","fields":{"statuscategorychangedate":"2025-04-30T18:24:36.431+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19640","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19640","key":"NTEST-2968","fields":{"statuscategorychangedate":"2025-05-24T12:31:33.885+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1843/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:36.062+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:36.196+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2968/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:33.583+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010an:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:33.663+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/245]\n\n*Defect Dojo link:* http://localhost:8080/finding/245 (245)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1843/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18181/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2968/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19640/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 343fe3af-8c43-4ffd-abca-411a8b3243f7 + - ae992cf2-e13e-4be0-891c-9628264de4a5 Atl-Traceid: - - 343fe3af8c434ffdabca411a8b3243f7 + - ae992cf2e13e4be0891c9628264de4a5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:37 GMT + - Sat, 24 May 2025 10:31:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
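Review bot: The re-recorded Jira response in this hunk keeps the recording user's identity in the `creator` and `reporter` objects: `emailAddress`, `accountId`, and Gravatar avatar URLs whose path is a hash that Gravatar derives from the e-mail address. The `X-Aaccountid` response header in the later header hunks repeats the account id. The webhook echo further down this cassette shows the token masked as `Token xxx`, so credentials are scrubbed but response bodies apparently are not; the recorder configuration is not visible in this diff. Consider masking these fields at record time, for example with a vcrpy `before_record_response` hook that rewrites them to fixed placeholders such as `"emailAddress":"jira-user@example.invalid"`, which would also stop each re-recording from churning these lines. The same applies to the `@@ -1390,14 +1390,14 @@` hunk for NTEST-2967; the response `string:` value itself begins before this hunk.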
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=286,atl-edge;dur=253,atl-edge-internal;dur=18,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="oqkpHMnVuduQe33BdyS4iUD_tZg_pGXmTcRV0AhjPcBLAou1PC881g==",cdn-downstream-fbl;dur=289 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=214,atl-edge;dur=206,atl-edge-internal;dur=18,atl-edge-upstream;dur=188,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="yp1_OaPfwS83Y3lAsW865DrO2lYlryq0oPY8cEkqMkQezIB7aMri3g==",cdn-downstream-fbl;dur=218 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oqkpHMnVuduQe33BdyS4iUD_tZg_pGXmTcRV0AhjPcBLAou1PC881g== + - yp1_OaPfwS83Y3lAsW865DrO2lYlryq0oPY8cEkqMkQezIB7aMri3g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3bb394f46cae0fa98c454532560add37 + - 3227c9c1394fd539b8d52e9b7d8872de X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -863,7 +863,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -877,9 +877,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"828\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:33122\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:48510\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": @@ -915,7 +915,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:37 GMT + - Sat, 24 May 2025 10:31:33 GMT Transfer-Encoding: - chunked status: @@ -952,7 +952,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -966,9 +966,9 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1300\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:33136\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:48516\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: weekly engagement: ZAP Scan\\\", \\\"user\\\": @@ -1019,7 +1019,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:24:37 GMT + - Sat, 24 May 2025 10:31:33 GMT Transfer-Encoding: - chunked status: 
@@ -1044,12 +1044,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:37.859+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:35.911+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 82fdce1c-eb80-4423-84b0-3b5e0507a963 + - c622b92a-81d8-42fd-b37a-ca21adfab307 Atl-Traceid: - - 82fdce1ceb80442384b03b5e0507a963 + - c622b92a81d842fdb37aca21adfab307 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1059,7 +1059,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:37 GMT + - Sat, 24 May 2025 10:31:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1069,7 +1069,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=244,atl-edge;dur=159,atl-edge-internal;dur=16,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="FRCTLwOAGOhGJ_JrNuNVikDqmrIibKDBh-0ugr8bWlazWerafQGwNQ==",cdn-downstream-fbl;dur=247 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=119,atl-edge;dur=111,atl-edge-internal;dur=14,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="M3NDPy52VGQ7XGxGpkvWfozZ4TN4DshgFN8_bziHNpQvm5zx5SMPJw==",cdn-downstream-fbl;dur=122 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1079,15 +1079,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 05df0d22c8cc3d4b946b6f2dc43d6b9c.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FRCTLwOAGOhGJ_JrNuNVikDqmrIibKDBh-0ugr8bWlazWerafQGwNQ== + - M3NDPy52VGQ7XGxGpkvWfozZ4TN4DshgFN8_bziHNpQvm5zx5SMPJw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 72aca69352138814a51844cfdedc0317 + - a4fb56e326bcb69a67c5b15aa94716ad X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1116,12 +1116,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:24:38.259+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:31:36.104+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2b149bb2-f614-4ea7-a755-c9b765940d20 + - 2c81958e-3212-43fa-9875-8d39b9b0917b Atl-Traceid: - - 2b149bb2f6144ea7a755c9b765940d20 + - 2c81958e321243fa98758d39b9b0917b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1131,7 +1131,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:38 GMT + - Sat, 24 May 2025 10:31:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1141,7 +1141,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="nAlEd-4T4pQYbyTpm7F1SBoltty7Wlg2QXaRL24uibu2HGoMUmsENQ==",cdn-downstream-fbl;dur=310,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=95,cdn-upstream-fbl;dur=308,atl-edge;dur=181,atl-edge-internal;dur=25,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=19,atl-edge-upstream;dur=83,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="p3DUQO7nPGf1gEB8gMstIyvBnH1sYbHhpHz-8ik_uciloDVPAakHYA==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1151,15 +1151,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1b7fa09f50c08a88d619f90eef5ee94a.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nAlEd-4T4pQYbyTpm7F1SBoltty7Wlg2QXaRL24uibu2HGoMUmsENQ== + - p3DUQO7nPGf1gEB8gMstIyvBnH1sYbHhpHz-8ik_uciloDVPAakHYA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1f89dd28f49216ded6a524994b009d8d + - 26dac0a2b18a127797554eda3eff5e13 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1304,9 +1304,9 @@ interactions: date\",\"custom\":false,\"orderable\":true,\"navigable\":true,\"searchable\":true,\"clauseNames\":[\"due\",\"duedate\"],\"schema\":{\"type\":\"date\",\"system\":\"duedate\"}},{\"id\":\"comment\",\"key\":\"comment\",\"name\":\"Comment\",\"custom\":false,\"orderable\":true,\"navigable\":false,\"searchable\":true,\"clauseNames\":[\"comment\"],\"schema\":{\"type\":\"comments-page\",\"system\":\"comment\"}}]" headers: Atl-Request-Id: - - 404dc26c-d5e5-40a9-b448-ec1033619f0d + - bf4302b6-a68d-4c64-82a5-87d243cf6dc6 Atl-Traceid: - - 404dc26cd5e540a9b448ec1033619f0d + - bf4302b6a68d4c6482a587d243cf6dc6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1316,7 +1316,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:38 GMT + - Sat, 24 May 2025 10:31:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1326,7 +1326,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="tSaisnRT0x2cp1unUmEhlHybhprZ7GHBDoLePmZclDUVtyUkXNZvrg==",cdn-downstream-fbl;dur=328,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=325,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AaQ8l41xSMI-tgrZdGTqsnd-EYqicy1gj07FiO9m_QmIQAfnOKeCFQ==",cdn-downstream-fbl;dur=208,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=205,atl-edge;dur=175,atl-edge-internal;dur=16,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1336,15 +1336,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 87441111f0e4d414e651812e90f76e78.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tSaisnRT0x2cp1unUmEhlHybhprZ7GHBDoLePmZclDUVtyUkXNZvrg== + - AaQ8l41xSMI-tgrZdGTqsnd-EYqicy1gj07FiO9m_QmIQAfnOKeCFQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 20ba89f6c7e9e0145d49c916c5d37874 + - 072e1995c098491bdafd0777e5e893d6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,17 +1370,17 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-1842 + uri: https://defectdojo.atlassian.net/rest/api/latest/issue/NTEST-2967 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18179","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/18179","key":"NTEST-1842","fields":{"statuscategorychangedate":"2025-04-30T18:24:33.499+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19639","self":"https://defectdojo.atlassian.net/rest/api/latest/issue/19639","key":"NTEST-2967","fields":{"statuscategorychangedate":"2025-05-24T12:31:31.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:24:33.171+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00szr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:24:33.267+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:31:31.352+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010af:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:31:31.521+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/244]\n\n*Defect Dojo link:* http://localhost:8080/finding/244 (244)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [weekly engagement|http://localhost:8080/engagement/3] / [ZAP Scan|http://localhost:8080/test/94]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA 
@@ -1390,14 +1390,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1842/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18179/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2967/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19639/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2b797552-0a5a-46bc-b6da-cdb4b5affbb2 + - 8e614554-2091-40e3-8bd8-e006a49362fd Atl-Traceid: - - 2b7975520a5a46bcb6dacdb4b5affbb2 + - 8e614554209140e38bd8e006a49362fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1407,7 +1407,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:24:39 GMT + - Sat, 24 May 2025 10:31:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1417,7 +1417,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="MA7wPKKTWI-Q3263uTozxBwpaDbasMaB11OSJxcOCA3kUh180tcB2Q==",cdn-downstream-fbl;dur=351,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=348,atl-edge;dur=260,atl-edge-internal;dur=18,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=304,atl-edge-internal;dur=16,atl-edge-upstream;dur=288,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="abdByVy6vVqF1OGYOzxTueSJQVTQT39BIMSlZSMIQ4L61-vk4dXyrg==",cdn-downstream-fbl;dur=316 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1427,15 +1427,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 04a2159f61dab28d4b7610df116a191a.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MA7wPKKTWI-Q3263uTozxBwpaDbasMaB11OSJxcOCA3kUh180tcB2Q== + - abdByVy6vVqF1OGYOzxTueSJQVTQT39BIMSlZSMIQ4L61-vk4dXyrg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1bc171a043cc4108421648db8a25b5a7 + - c90b1d6517cb748778d48c7a82f9615b X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml index 7741f01b74d..cb9fe81284f 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml 
@@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.47.1 + - DefectDojo-2.48.0-dev X-DefectDojo-Event: - test_added X-DefectDojo-Instance: @@ -38,10 +38,10 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.47.1\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39654\",\n - \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.8\",\n \"url\": + \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", \\\"url_api\\\": @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Sun, 15 Jun 2025 08:53:48 GMT + - Sun, 22 Jun 2025 10:14:46 GMT Transfer-Encoding: - chunked status: 
@@ -93,24 +93,25 @@ interactions: Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": 90, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/"}, - "finding_count": 5, "findings": {"new": [{"id": 232, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/232", - "url_api": "http://localhost:8080/api/v2/findings/232/"}, {"id": 233, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/233", "url_api": "http://localhost:8080/api/v2/findings/233/"}, - {"id": 234, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/234", - "url_api": "http://localhost:8080/api/v2/findings/234/"}, {"id": 235, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": "High", - "url_ui": "http://localhost:8080/finding/235", "url_api": "http://localhost:8080/api/v2/findings/235/"}, - {"id": 236, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/236", - "url_api": "http://localhost:8080/api/v2/findings/236/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + "finding_count": 5, "findings": {"new": [{"id": 233, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", 
"url_ui": "http://localhost:8080/finding/233", + "url_api": "http://localhost:8080/api/v2/findings/233/"}, {"id": 234, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/234", "url_api": + "http://localhost:8080/api/v2/findings/234/"}, {"id": 232, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/232", "url_api": "http://localhost:8080/api/v2/findings/232/"}, + {"id": 235, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/235", "url_api": + "http://localhost:8080/api/v2/findings/235/"}, {"id": 236, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/236", "url_api": + "http://localhost:8080/api/v2/findings/236/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -121,11 +122,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2367' + - '2373' Content-Type: - application/json User-Agent: - - DefectDojo-2.47.1 + - DefectDojo-2.48.0-dev X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -137,12 +138,12 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2367\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.47.1\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39662\",\n - \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.8\",\n \"url\": + \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", 
@@ -155,54 +156,54 @@ interactions: \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 90, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 232, \\\"title\\\": \\\"Regular + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 233, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/232\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/232/\\\"}, {\\\"id\\\": 233, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/233\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/233/\\\"}, {\\\"id\\\": - 234, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/234\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/234/\\\"}, {\\\"id\\\": 235, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/235\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/235/\\\"}, {\\\"id\\\": 236, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/233\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/233/\\\"}, 
{\\\"id\\\": 234, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/236\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/236/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/234\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/234/\\\"}, + {\\\"id\\\": 232, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/232\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/232/\\\"}, + {\\\"id\\\": 235, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/235\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/235/\\\"}, + {\\\"id\\\": 236, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/236\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/236/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": 
{},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 232,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 233,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/233/\",\n \"url_ui\": \"http://localhost:8080/finding/233\"\n + \ },\n {\n \"id\": 234,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/234/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/234\"\n },\n + \ {\n \"id\": 232,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/232/\",\n \"url_ui\": \"http://localhost:8080/finding/232\"\n - \ },\n {\n \"id\": 233,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/233/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/233\"\n },\n - \ {\n \"id\": 234,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/234/\",\n - \ 
\"url_ui\": \"http://localhost:8080/finding/234\"\n },\n - \ {\n \"id\": 235,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/235/\",\n \"url_ui\": \"http://localhost:8080/finding/235\"\n - \ },\n {\n \"id\": 236,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n + \ },\n {\n \"id\": 235,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/235/\",\n \"url_ui\": + \"http://localhost:8080/finding/235\"\n },\n {\n \"id\": + 236,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n \ \"url_ui\": \"http://localhost:8080/finding/236\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": @@ -223,7 +224,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Sun, 15 Jun 2025 08:53:48 GMT + - Sun, 22 Jun 2025 10:14:46 GMT Transfer-Encoding: - chunked status: 
@@ -248,12 +249,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:53:52.926+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:14:48.904+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 9b11ee74-c15c-430f-8411-39aa1ed4699b + - b5318bfb-6d96-4f12-a919-cf787ee7711c Atl-Traceid: - - 9b11ee74c15c430f841139aa1ed4699b + - b5318bfb6d964f12a919cf787ee7711c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -263,7 +264,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:53:53 GMT + - Sun, 22 Jun 2025 10:14:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -273,7 +274,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1030,atl-edge;dur=1024,atl-edge-internal;dur=49,atl-edge-upstream;dur=969,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="cCn-oBnivBCuQCl4VzT6jUo9Wkah1zronU_rP5o9vioyW4UrnRNx-w==",cdn-downstream-fbl;dur=1034 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=505,atl-edge;dur=500,atl-edge-internal;dur=39,atl-edge-upstream;dur=457,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="GneO5iqNFEuZXULbDaJcgTjS1guS7H_J4wTHJ0s4WNoHDuF2RsuN8A==",cdn-downstream-fbl;dur=510 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -283,15 +284,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60a3c74b395afbd3a50d71e59ea19eca.cloudfront.net (CloudFront) + - 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cCn-oBnivBCuQCl4VzT6jUo9Wkah1zronU_rP5o9vioyW4UrnRNx-w== + - GneO5iqNFEuZXULbDaJcgTjS1guS7H_J4wTHJ0s4WNoHDuF2RsuN8A== X-Amz-Cf-Pop: - SYD62-P1 X-Arequestid: - - 4fee0b727ac69cc5b36a921b0fb2e2f7 + - 19e2ccc230d1a735b25a9704f9e6ca5b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -329,9 +330,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 35ad9517-4d0a-400d-af85-ae81e1cd6b28 + - 2f315a04-6189-4925-a09d-8b261b0c7ce1 Atl-Traceid: - - 35ad95174d0a400daf85ae81e1cd6b28 + - 2f315a0461894925a09d8b261b0c7ce1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -341,7 +342,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:53:54 GMT + - Sun, 22 Jun 2025 10:14:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -351,7 +352,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1031,atl-edge;dur=1024,atl-edge-internal;dur=21,atl-edge-upstream;dur=1000,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="6cKRifFz8Zz3CM6gHypTUL8ySRVEwuD3TVd7_jLwVaTGQ_llDMPmTQ==",cdn-downstream-fbl;dur=1035 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1444,atl-edge;dur=1438,atl-edge-internal;dur=21,atl-edge-upstream;dur=1413,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="pggo__FMKKlGfQIoOXfiexmMIjpf59qBeG70ZRm6zJfJMxRFN_no_g==",cdn-downstream-fbl;dur=1448 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -361,18 +362,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 de78b5b2f4bbd9bb1abd6bed27a85d78.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6cKRifFz8Zz3CM6gHypTUL8ySRVEwuD3TVd7_jLwVaTGQ_llDMPmTQ== + - pggo__FMKKlGfQIoOXfiexmMIjpf59qBeG70ZRm6zJfJMxRFN_no_g== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD3-P1 X-Arequestid: - - ea2163e16ff80a3689b7d1bb84f10c51 + - 5f454b3dfd610e1bc85b381f68674f09 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -386,19 +387,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -409,8 +411,8 @@ interactions: later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -430,7 +432,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3337' + - '3529' Content-Type: - application/json User-Agent: @@ -439,12 +441,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"20032","key":"NTEST-3052","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032"}' + string: '{"id":"20263","key":"NTEST-3055","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263"}' headers: Atl-Request-Id: - - 4c0eb36c-b0e2-4ef0-aefa-81f21cae20d3 + - a41b425b-ae1c-4e5c-8bd1-f8660cf502ae Atl-Traceid: - - 4c0eb36cb0e24ef0aefa81f21cae20d3 + - a41b425bae1c4e5c8bd1f8660cf502ae Cache-Control: - no-cache, no-store, no-transform Connection: @@ -452,7 +454,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:53:57 GMT + - Sun, 22 Jun 2025 10:14:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -462,7 +464,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1902,atl-edge;dur=1896,atl-edge-internal;dur=19,atl-edge-upstream;dur=1874,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="y-1kcxlkH7HjvyTW4loYJw1quTUI1j5niEulX86PNV7fNf4n5-3rew==",cdn-downstream-fbl;dur=1906 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1955,atl-edge;dur=1951,atl-edge-internal;dur=17,atl-edge-upstream;dur=1934,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="JEvh6Mb6Y6khyMRaqz0J0kirWcDyOU_0F2QPY070x1vo8VDoL8n_TA==",cdn-downstream-fbl;dur=1961 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -472,15 +474,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 26131a3cde08b60652129237128292a2.cloudfront.net (CloudFront) + - 1.1 ece2a231e09716eb97b51099bf5928fe.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - y-1kcxlkH7HjvyTW4loYJw1quTUI1j5niEulX86PNV7fNf4n5-3rew== + - JEvh6Mb6Y6khyMRaqz0J0kirWcDyOU_0F2QPY070x1vo8VDoL8n_TA== X-Amz-Cf-Pop: - - SYD3-P2 + - SYD62-P3 X-Arequestid: - - 59fa10cc38bfa430ebcb00b106cf822a + - f7409137134125927e3ce46d5d86b642 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -506,28 +508,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -538,8 +541,8 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -551,12 +554,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c315fad0-09a8-4961-882e-16e5174be28b + - 8077737e-3c5f-425f-9b8d-527491bac8ce Atl-Traceid: - - c315fad009a84961882e16e5174be28b + - 8077737e3c5f425f9b8d527491bac8ce Cache-Control: - no-cache, no-store, no-transform Connection: @@ -566,7 +569,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:53:59 GMT + - Sun, 22 Jun 2025 10:14:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
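Review bot: The re-recorded response body in this hunk still stores the recording account's `emailAddress` and `accountId` under `creator` and `reporter`, so personal account data is committed with the test fixture. The same body recurs in the hunk at `@@ -665,12 +669,12 @@`, and the interaction added at `@@ -772,15 +776,202 @@` brings in a further `X-Aaccountid` response header with the same id. Because this cassette is regenerated whenever the JIRA template changes, scrubbing at record time is more durable than hand-editing the YAML. Assuming it is recorded with vcrpy, a `before_record_response` hook could replace those fields and that header with fixed placeholders. The request headers visible here carry no credentials, and this only matters if the project does not already treat the address as public.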
@@ -576,7 +579,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=665,atl-edge;dur=659,atl-edge-internal;dur=19,atl-edge-upstream;dur=638,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="cFMy573P74gpQqLCPvBlQV3V0iYygEJBKBwL705ojRzzg6tg6EtFjw==",cdn-downstream-fbl;dur=669 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=622,atl-edge;dur=614,atl-edge-internal;dur=20,atl-edge-upstream;dur=593,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="TvSKn6AApELoEw_b05Nb55LmzlBtWRyM5CgFDICw9_r6kr3TJiB1Bg==",cdn-downstream-fbl;dur=626 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -586,15 +589,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0b8c49517c533bb6e0c14033e0c899b0.cloudfront.net (CloudFront) + - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cFMy573P74gpQqLCPvBlQV3V0iYygEJBKBwL705ojRzzg6tg6EtFjw== + - TvSKn6AApELoEw_b05Nb55LmzlBtWRyM5CgFDICw9_r6kr3TJiB1Bg== X-Amz-Cf-Pop: - - SYD62-P3 + - SYD62-P1 X-Arequestid: - - 1e25789ec28b30781d47bb8d9b40fa4e + - c9acc6f94bb8bf277e9e27c59d3929da X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -620,28 +623,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -652,8 +656,8 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -665,12 +669,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ae5dd052-10be-40aa-bf01-f34b72badf0b + - 10e4d0c0-0a9f-4f23-b032-39b4bbef5a1c Atl-Traceid: - - ae5dd05210be40aabf01f34b72badf0b + - 10e4d0c00a9f4f23b03239b4bbef5a1c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -680,7 +684,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:01 GMT + - Sun, 22 Jun 2025 10:14:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -690,7 +694,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=976,atl-edge;dur=969,atl-edge-internal;dur=22,atl-edge-upstream;dur=945,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="9PxQraP-V8cg-BS8M_jjZLKbTvGaFJIMJcPo_QeyX268HzinAJJ7lg==",cdn-downstream-fbl;dur=979 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=998,atl-edge;dur=992,atl-edge-internal;dur=21,atl-edge-upstream;dur=969,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="wjfVruRbRFf4ljcVKzp9WJ6_15cTpFnYHkWbxO0VGFqFfhdjO_H4Ag==",cdn-downstream-fbl;dur=1002 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -700,15 +704,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dc5b7b7a6895b629c6cb8eef5910309e.cloudfront.net (CloudFront) + - 1.1 6d9ff63cdcc93ca8f7c1714fbd746b66.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9PxQraP-V8cg-BS8M_jjZLKbTvGaFJIMJcPo_QeyX268HzinAJJ7lg== + - wjfVruRbRFf4ljcVKzp9WJ6_15cTpFnYHkWbxO0VGFqFfhdjO_H4Ag== X-Amz-Cf-Pop: - SYD3-P2 X-Arequestid: - - 3d0cfb1587189c49572adbd91227ab0e + - 91645d7e50b8403754cb965ff2e69671 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -737,12 +741,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:03.007+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:14:58.888+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d43e4b67-6f3e-44b3-a24c-59c43487c90b + - 292469aa-9950-495d-a906-1a20aeef407a Atl-Traceid: - - d43e4b676f3e44b3a24c59c43487c90b + - 292469aa9950495da9061a20aeef407a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -752,7 +756,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:03 GMT + - Sun, 22 Jun 2025 10:14:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -762,7 +766,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=873,atl-edge;dur=867,atl-edge-internal;dur=17,atl-edge-upstream;dur=848,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="rqzUiAVTlA-SvAHHN-aydS9LePELbZCRr-GEYaSkE1KsFcO4bUl6UA==",cdn-downstream-fbl;dur=878 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=332,atl-edge;dur=327,atl-edge-internal;dur=16,atl-edge-upstream;dur=312,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mmMi6Y5ZwaEAJlE5nTPDG-q7P5PMMabjSIwnMyxweuH1uay_MKBijQ==",cdn-downstream-fbl;dur=337 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -772,15 +776,202 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8ccca629f0b1ca48e2e69a056f61f9a6.cloudfront.net (CloudFront) + - 1.1 3468af8a053b0ff241626aed87444af8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - mmMi6Y5ZwaEAJlE5nTPDG-q7P5PMMabjSIwnMyxweuH1uay_MKBijQ== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - f3cdd11a3ec448cdebc84cc993758401 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - c83d503f-2cfe-45c8-a171-f0458a3c3770 + Atl-Traceid: + - c83d503f2cfe45c8a171f0458a3c3770 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:00 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=978,atl-edge;dur=975,atl-edge-internal;dur=16,atl-edge-upstream;dur=959,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="tlW370Gp8gMeulFLLd85E-c7TXK0y0aSGCZ73xmpYTdONpoUWmR7dQ==",cdn-downstream-fbl;dur=981 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c2fff340a6d5f4b9c17041a88b37f0f4.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - tlW370Gp8gMeulFLLd85E-c7TXK0y0aSGCZ73xmpYTdONpoUWmR7dQ== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - f6efdeb2fca226e35531e7ebfab9aace + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:02.051+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - f4bc2c5c-ac0a-4517-9697-7d52936a2fad + Atl-Traceid: + - f4bc2c5cac0a451796977d52936a2fad + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:02 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=349,atl-edge;dur=342,atl-edge-internal;dur=21,atl-edge-upstream;dur=318,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="8RqiR5sHEtAf-Vsn3hnfJ57GQQ5NMr_z0F_8W7UBHVqR1TV1EDZPWg==",cdn-downstream-fbl;dur=352 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 7b00ea054b97b0dfdfa184981c492f10.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rqzUiAVTlA-SvAHHN-aydS9LePELbZCRr-GEYaSkE1KsFcO4bUl6UA== + - 8RqiR5sHEtAf-Vsn3hnfJ57GQQ5NMr_z0F_8W7UBHVqR1TV1EDZPWg== X-Amz-Cf-Pop: - SYD62-P3 X-Arequestid: - - 2c859b18678e5ee34c6be5189a385cf2 + - 93354461d9979f6e896055231c490a7a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
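Review bot: The response body this hunk adds for `GET .../rest/api/2/issue/20263` records the recording account's `emailAddress`, `accountId` and `displayName` under both `creator` and `reporter`, and the added `X-Aaccountid` response headers repeat the account id. Nothing visible here suggests the test depends on those values. If the cassette is written by vcrpy, as its layout suggests, a `before_record_response` hook that swaps these fields for fixed placeholders before the cassette is saved would keep personal identifiers out of the repository. The same values also sit in unchanged context lines and in the later hunk `@@ -851,12 +1043,12 @@`, so they predate this change and the scrubbing can be a follow-up across the whole cassette. The interactions at the start and end of this hunk begin and end outside it.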
@@ -806,28 +997,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -838,8 +1030,8 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -851,12 +1043,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 6adaa3c6-9053-4222-8cd8-a4389cf3140f + - 618fb0d1-d809-40da-b567-6e65f7851057 Atl-Traceid: - - 6adaa3c6905342228cd8a4389cf3140f + - 618fb0d1d80940dab5676e65f7851057 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -866,7 +1058,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:04 GMT + - Sun, 22 Jun 2025 10:15:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -876,7 +1068,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=469,atl-edge;dur=462,atl-edge-internal;dur=19,atl-edge-upstream;dur=445,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="vreVDaZqC5bscsHB61xGgOYzYoCgLbuj6OMHd_KAUzU3eAq_jCnZ8w==",cdn-downstream-fbl;dur=474 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=971,atl-edge;dur=968,atl-edge-internal;dur=17,atl-edge-upstream;dur=952,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="PZh0kUFtP455Dl3muhE2OEgEXtDtYKRZVVPMJnR15nm6XDCGHWAAwA==",cdn-downstream-fbl;dur=976 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -886,15 +1078,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 505047c0efc37a1900f1288c6f749f90.cloudfront.net (CloudFront) + - 1.1 19f48f8a678ef4e5c0ca07e0cf91cbc6.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vreVDaZqC5bscsHB61xGgOYzYoCgLbuj6OMHd_KAUzU3eAq_jCnZ8w== + - PZh0kUFtP455Dl3muhE2OEgEXtDtYKRZVVPMJnR15nm6XDCGHWAAwA== X-Amz-Cf-Pop: - SYD62-P3 X-Arequestid: - - 3f37495d84bf741d9364558efafc452d + - 0207d74a1f51e2bab40d583b554e22a4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -932,9 +1124,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 22354fc2-0e9b-4aa0-a302-2bba425db318 + - 8dddc675-b09d-4c24-9370-14a3ede0d0e4 Atl-Traceid: - - 22354fc20e9b4aa0a3022bba425db318 + - 8dddc675b09d4c24937014a3ede0d0e4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -944,7 +1136,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:05 GMT + - Sun, 22 Jun 2025 10:15:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -954,7 +1146,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="3izIxD0kaPVqSQox5sDbgBhOoij1vcwL2kYyi4RS1bFImCQOYOQOSw==",cdn-downstream-fbl;dur=537,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=4,cdn-upstream-fbl;dur=534,atl-edge;dur=526,atl-edge-internal;dur=17,atl-edge-upstream;dur=510,atl-edge-pop;desc="aws-ap-southeast-2" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=553,atl-edge;dur=548,atl-edge-internal;dur=19,atl-edge-upstream;dur=528,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="tdIGUq6AkCLmTqZ2jsfxx5g77ierJUnsB_KuGR5tFTTrh1Jjup98qQ==",cdn-downstream-fbl;dur=558 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -964,18 +1156,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59b0eb2f33939f549a18868a652690fe.cloudfront.net (CloudFront) + - 1.1 d9766b9925771288ecfcf1392328f114.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3izIxD0kaPVqSQox5sDbgBhOoij1vcwL2kYyi4RS1bFImCQOYOQOSw== + - tdIGUq6AkCLmTqZ2jsfxx5g77ierJUnsB_KuGR5tFTTrh1Jjup98qQ== X-Amz-Cf-Pop: - - SYD3-P1 + - SYD62-P1 X-Arequestid: - - 32b1c5c52c61ed8d3809923d46136feb + - cde3a13fe0c5b419acb96798f524d0a2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -989,19 +1181,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1012,8 +1205,8 @@ interactions: later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1022,7 +1215,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -1033,21 +1226,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3321' + - '3543' Content-Type: - application/json User-Agent: - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: string: '' headers: Atl-Request-Id: - - aa6b2a25-1051-4101-81c5-e353c5152197 + - cbecc42c-7f40-478e-80ce-414d10f6f7ff Atl-Traceid: - - aa6b2a251051410181c5e353c5152197 + - cbecc42c7f40478e80ce414d10f6f7ff Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1055,7 +1248,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:07 GMT + - Sun, 22 Jun 2025 10:15:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1065,7 +1258,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=994,atl-edge;dur=986,atl-edge-internal;dur=17,atl-edge-upstream;dur=969,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="v78Ai8ZS2f6CW2XFxA3lhUWs5W__FQ_7T-7Gt0C7Wz4hvLiWTzkACQ==",cdn-downstream-fbl;dur=999 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=522,atl-edge;dur=515,atl-edge-internal;dur=22,atl-edge-upstream;dur=491,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="ui6UEP0wBgUfhuHPRSydwQqc9Bs81qYpYPKAz-S7jALcq0DTSxTjXg==",cdn-downstream-fbl;dur=527 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1073,15 +1266,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 80221b5cb6d99c6010a1a445f2ea0f30.cloudfront.net (CloudFront) + - 1.1 a97b28e298ec5907aa1d86d22bc232a0.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - v78Ai8ZS2f6CW2XFxA3lhUWs5W__FQ_7T-7Gt0C7Wz4hvLiWTzkACQ== + - ui6UEP0wBgUfhuHPRSydwQqc9Bs81qYpYPKAz-S7jALcq0DTSxTjXg== X-Amz-Cf-Pop: - - SYD62-P2 + - SYD62-P3 X-Arequestid: - - 18cbdadcb3db05bcae3121b4dbdab328 + - 9cd55f37ffb42231ccdbdd322dfe7bf7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1107,28 +1300,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1139,8 +1333,8 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1152,12 +1346,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a08e8f19-9b98-44f7-b52c-59bee3e7d841 + - 1356b048-d59c-4e21-83a8-f8f061356a20 Atl-Traceid: - - a08e8f199b9844f7b52c59bee3e7d841 + - 1356b048d59c4e2183a8f8f061356a20 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1167,7 +1361,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:09 GMT + - Sun, 22 Jun 2025 10:15:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
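Review bot: The re-recorded issue response in the `@@ -1152,12 +1346,12 @@` hunk still stores a real maintainer's `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects, and every interaction keeps the `X-Aaccountid` response header. The same applies to the second GET response at `@@ -1338,12 +1533,12 @@`. None of these values look like something the tests assert on, so they could be scrubbed at record time; if the cassettes are recorded with vcrpy, as the format suggests, a `before_record_response` hook could rewrite `emailAddress` to a placeholder such as `user@example.invalid` and drop `X-Aaccountid`. No `Authorization` header is visible in the recorded requests, which suggests request headers are already filtered, but the VCR configuration is outside this diff, so confirm that credentials and cookies are on the filter list.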
@@ -1177,7 +1371,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=469,atl-edge;dur=465,atl-edge-internal;dur=18,atl-edge-upstream;dur=445,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="cigcWQGPxkPzCZzMtThCWIv6hCN8EUw-urQSlI8lSeuvBp9Cikmxwg==",cdn-downstream-fbl;dur=474 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=496,atl-edge;dur=492,atl-edge-internal;dur=15,atl-edge-upstream;dur=475,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="vn6-16mXhGQDiBJPIbT6m93C4yH2zejXQ3KNp9d7IWLs1wHJcHo0qQ==",cdn-downstream-fbl;dur=502 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1187,15 +1381,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8bec138951dfffa4e8e0ac983bb30e76.cloudfront.net (CloudFront) + - 1.1 7fe70ef74e6a71dc6fcd4b1b62861ffc.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cigcWQGPxkPzCZzMtThCWIv6hCN8EUw-urQSlI8lSeuvBp9Cikmxwg== + - vn6-16mXhGQDiBJPIbT6m93C4yH2zejXQ3KNp9d7IWLs1wHJcHo0qQ== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P2 X-Arequestid: - - 3e1fddae0068609e0b15209b4d8d286c + - e486b0b235b8550889955183ab0e22a9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1224,12 +1418,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:10.928+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:09.540+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e51cf66b-c077-4539-918e-b11e864e08fc + - 60c8a705-6c5d-46a4-9020-d20eaf75461b Atl-Traceid: - - e51cf66bc0774539918eb11e864e08fc + - 60c8a7056c5d46a49020d20eaf75461b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1239,7 +1433,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:11 GMT + - Sun, 22 Jun 2025 10:15:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1249,7 +1443,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=857,atl-edge;dur=853,atl-edge-internal;dur=19,atl-edge-upstream;dur=832,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Avu01MHByAGgtsDmpwDKZQOfwT8hF520bzQ0OCSOzLAjBZsGoUDQKg==",cdn-downstream-fbl;dur=862 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=334,atl-edge;dur=327,atl-edge-internal;dur=15,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="j7w7DcJ6wdRDaMNnEI5phRODA9J5sFv7l6ec8iegvBEIKHuj5xGNFA==",cdn-downstream-fbl;dur=339 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1259,15 +1453,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e05fb1b0c75f8ef4c701fadb0b27fd8.cloudfront.net (CloudFront) + - 1.1 b96ad58427ffff8b9d3959350f8c9f16.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Avu01MHByAGgtsDmpwDKZQOfwT8hF520bzQ0OCSOzLAjBZsGoUDQKg== + - j7w7DcJ6wdRDaMNnEI5phRODA9J5sFv7l6ec8iegvBEIKHuj5xGNFA== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P2 X-Arequestid: - - 46dc76adca71b86492568fa9e3d59232 + - dc6e807501bd17fad440e2650d9644bb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1293,28 +1487,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1325,8 +1520,8 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1338,12 +1533,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3bafb78a-a8a4-4008-962f-62d6c8943c24 + - 1c7b649b-3539-416e-b444-cdd4d5fdf71f Atl-Traceid: - - 3bafb78aa8a44008962f62d6c8943c24 + - 1c7b649b3539416eb444cdd4d5fdf71f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1353,7 +1548,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:12 GMT + - Sun, 22 Jun 2025 10:15:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
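Review bot: The re-recorded response body in this hunk still carries the recording account's real `emailAddress`, `accountId` and `displayName` in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the hunks that follow repeats the same account id. Nothing visible here suggests the tests assert on those values, so they could be scrubbed at record time rather than committed again on every re-record. If this is a vcrpy cassette, a `before_record_response` hook could rewrite them to placeholders such as `"emailAddress":"user@example.invalid"` and drop `X-Aaccountid`; `filter_headers` only covers request headers. The same body is recorded again in the `@@ -1524,12 +1720,12 @@` hunk. The hunk cuts through the recorded body string, so the rest of the payload is not visible from here.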
@@ -1363,7 +1558,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=470,atl-edge;dur=463,atl-edge-internal;dur=16,atl-edge-upstream;dur=446,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ovGRLweS4KHHOhdilRDhvmYlzne9blkPqD-iPCMPDqZcyi8ARhKslQ==",cdn-downstream-fbl;dur=475 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=481,atl-edge;dur=473,atl-edge-internal;dur=18,atl-edge-upstream;dur=452,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="uj0SU-zYRhV21j_HN0r8E1BZj4H7RteTtvNlWG20keRJ3_NAnxscWw==",cdn-downstream-fbl;dur=485 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1373,15 +1568,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bafb3fcfb450000b354db6fbbd3d2828.cloudfront.net (CloudFront) + - 1.1 de78b5b2f4bbd9bb1abd6bed27a85d78.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ovGRLweS4KHHOhdilRDhvmYlzne9blkPqD-iPCMPDqZcyi8ARhKslQ== + - uj0SU-zYRhV21j_HN0r8E1BZj4H7RteTtvNlWG20keRJ3_NAnxscWw== X-Amz-Cf-Pop: - SYD3-P1 X-Arequestid: - - 7b542a86bdce837e5a3e9c447c766196 + - 8f000c250729e9fad4daba4ef4ea8090 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1410,12 +1605,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:13.587+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:12.145+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e651a964-27aa-4496-8552-44d5c0a95998 + - e718e1cc-2826-4aa6-b571-b08c93287537 Atl-Traceid: - - e651a96427aa4496855244d5c0a95998 + - e718e1cc28264aa6b571b08c93287537 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1425,7 +1620,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:13 GMT + - Sun, 22 Jun 2025 10:15:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1435,7 +1630,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=364,atl-edge;dur=356,atl-edge-internal;dur=14,atl-edge-upstream;dur=343,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="WUhVYXhCkfhBOJUYmUC2z3T7HWu0oDBuQ0yuFY70P1YDOJDzkjDyHw==",cdn-downstream-fbl;dur=368 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=342,atl-edge;dur=333,atl-edge-internal;dur=15,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="LtZG9VBL0vy8n8qJ45eMqvS7unwIu-lgFKlRmezTracMWOSX0MsCog==",cdn-downstream-fbl;dur=346 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1445,15 +1640,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cf8dd8ff8bb60665199a3fb2c2f8e9e.cloudfront.net (CloudFront) + - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WUhVYXhCkfhBOJUYmUC2z3T7HWu0oDBuQ0yuFY70P1YDOJDzkjDyHw== + - LtZG9VBL0vy8n8qJ45eMqvS7unwIu-lgFKlRmezTracMWOSX0MsCog== X-Amz-Cf-Pop: - SYD62-P1 X-Arequestid: - - 7ee6ff7bbdaf3a5eaebb7dc272fa25b9 + - a6913640a912193d0791f3168e235c20 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1479,28 +1674,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:53:57.122+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1511,8 +1707,8 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1524,12 +1720,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1fe42b44-6651-4511-bb93-40a5302922d7 + - 083746ad-f61e-41fa-9c57-a510ff238199 Atl-Traceid: - - 1fe42b4466514511bb9340a5302922d7 + - 083746adf61e41fa9c57a510ff238199 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1539,7 +1735,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:15 GMT + - Sun, 22 Jun 2025 10:15:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1549,7 +1745,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=477,atl-edge;dur=476,atl-edge-internal;dur=18,atl-edge-upstream;dur=457,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ntWLgVA017V84fIOGu8e8ykPkiWiyjqxkPON_7DYFRX0LeQPIqJG7g==",cdn-downstream-fbl;dur=482 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=466,atl-edge;dur=460,atl-edge-internal;dur=18,atl-edge-upstream;dur=442,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="J21LRBcm0cqS-cHEqgXyKqXNEaluBPj6HlKTOssdenzB-f8_YYgYfQ==",cdn-downstream-fbl;dur=475 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1559,15 +1755,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront) + - 1.1 dc7f2062b70b5b710c1b09d21b43f900.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ntWLgVA017V84fIOGu8e8ykPkiWiyjqxkPON_7DYFRX0LeQPIqJG7g== + - J21LRBcm0cqS-cHEqgXyKqXNEaluBPj6HlKTOssdenzB-f8_YYgYfQ== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P2 X-Arequestid: - - 463bbc8b7e660591a70399a958a73d13 + - ef5ad8784c83ef15c482db687095c438 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1593,21 +1789,15 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue - Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix - 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic - 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked - Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:14.786+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b594862b-7d9e-441d-bd08-a1e41ae4b06e + - bce43efa-6945-4342-9dce-cab2e056e447 Atl-Traceid: - - b594862b7d9e441dbd08a1e41ae4b06e + - bce43efa694543429dcecab2e056e447 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1617,7 +1807,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:16 GMT + - Sun, 22 Jun 2025 10:15:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1627,7 +1817,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=545,atl-edge;dur=540,atl-edge-internal;dur=15,atl-edge-upstream;dur=526,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0ZL1kEyRFUYItHwIDUrBLaZVOZ8V5Yb8anrNc9Ff7oCZaz8Zt9i6gQ==",cdn-downstream-fbl;dur=549 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=345,atl-edge;dur=339,atl-edge-internal;dur=21,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="Ova2DGf5Ex8ChpqhtM28B2Py_m5BoeUItyg_BmkJzm6MMi-FnIWMRw==",cdn-downstream-fbl;dur=348 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1637,18 +1827,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 948c1c49e6b4d8c0c9b0fdb0a41022ec.cloudfront.net (CloudFront) - Warning: - - 'The issue create meta endpoint has been deprecated. (Deprecation start date: - June 03, 2024)' + - 1.1 d5a7b4f0ce5b27d5b6750a1a5f7fd024.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0ZL1kEyRFUYItHwIDUrBLaZVOZ8V5Yb8anrNc9Ff7oCZaz8Zt9i6gQ== + - Ova2DGf5Ex8ChpqhtM28B2Py_m5BoeUItyg_BmkJzm6MMi-FnIWMRw== X-Amz-Cf-Pop: - - SYD62-P2 + - SYD3-P2 X-Arequestid: - - 288982607fe490a83815458d6c1151dd + - 7e749e46b98e8e135d03cbd512bdec9a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1659,44 +1846,7 @@ interactions: code: 200 message: OK - request: - body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, - "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA - group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] - in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July 15, - 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] - \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or - later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or - later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + body: null headers: Accept: - application/json,*/*;q=0.9 
@@ -1706,56 +1856,4486 @@ interactions: - no-cache Connection: - keep-alive - Content-Length: - - '3334' Content-Type: - application/json User-Agent: - python-requests/2.32.4 - method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '' - headers: - Atl-Request-Id: - - 798ff1ba-700e-4656-8b72-a0360dc9843e - Atl-Traceid: - - 798ff1ba700e46568b72a0360dc9843e - Cache-Control: - - no-cache, no-store, no-transform - Connection: - - keep-alive - Content-Type: - - application/json;charset=UTF-8 - Date: - - Sun, 15 Jun 2025 08:54:18 GMT - Nel: - - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": - "endpoint-1"}' - Report-To: - - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": - "endpoint-1", "include_subdomains": true, "max_age": 600}' - Server: - - AtlassianEdge - Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=841,atl-edge;dur=833,atl-edge-internal;dur=16,atl-edge-upstream;dur=818,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="3QyKwzLWSwF8NERX6g-an4si7j9Yaojg3h1kVgXh2K_Zn0r1WqW6pA==",cdn-downstream-fbl;dur=845 - Strict-Transport-Security: - - max-age=63072000; includeSubDomains; preload - Timing-Allow-Origin: - - '*' + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 24e4608d-0098-408a-84b8-c5ef543f36d1 + Atl-Traceid: + - 24e4608d0098408a84b8c5ef543f36d1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:16 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=463,atl-edge;dur=461,atl-edge-internal;dur=16,atl-edge-upstream;dur=445,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="ffDYZgCPUdwytiwjiPCzvr0q0ZCSjQmz-qCGBl2qRXY9K8lznh6vaA==",cdn-downstream-fbl;dur=467 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 fd52efac0e72eb0d0b1148d8f877dd9e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - ffDYZgCPUdwytiwjiPCzvr0q0ZCSjQmz-qCGBl2qRXY9K8lznh6vaA== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 91073da8e8f18f760e3efee0f43c97b0 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - b8961c83-0024-438c-9df3-5ac68131bfae + Atl-Traceid: + - b8961c830024438c9df35ac68131bfae + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:17 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=532,atl-edge;dur=525,atl-edge-internal;dur=17,atl-edge-upstream;dur=508,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="6V9GGSYEk6l1A0a1GMw4rluBZNT6_D5LOVsi2TcUO4RHhPnFJ8yXww==",cdn-downstream-fbl;dur=537 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 0c5c9092233f69156c68308fd823bd58.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 6V9GGSYEk6l1A0a1GMw4rluBZNT6_D5LOVsi2TcUO4RHhPnFJ8yXww== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 8b7dc65340612388fda607441a6355a3 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3543' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 01eec8aa-d4f7-42ca-990f-32fe4c92b304 + Atl-Traceid: + - 01eec8aad4f742ca990f32fe4c92b304 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:19 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=995,atl-edge;dur=986,atl-edge-internal;dur=16,atl-edge-upstream;dur=970,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="paCWHf83mBwiKOUwYuIZiZUzr5omw6imKmGWNbVG4alc4kid4f90Xg==",cdn-downstream-fbl;dur=1001 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - paCWHf83mBwiKOUwYuIZiZUzr5omw6imKmGWNbVG4alc4kid4f90Xg== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - 5dda7e717d4b9a8028834227fef68b71 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - b7ea748d-2f7f-49ca-9c21-68ccb19da379 + Atl-Traceid: + - b7ea748d2f7f49ca9c2168ccb19da379 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:21 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=463,atl-edge;dur=461,atl-edge-internal;dur=19,atl-edge-upstream;dur=441,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="679sA3C1yZm4fV4AFMYPoUE_l25P1NMkNBVXu31eDPaQ_653If8mDQ==",cdn-downstream-fbl;dur=471 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 9ce11977697b826548974c991c092622.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 679sA3C1yZm4fV4AFMYPoUE_l25P1NMkNBVXu31eDPaQ_653If8mDQ== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - 4c1b9279d9196d75d906b5faf9c75de8 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:22.767+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 0746efa1-32f7-4875-bbe9-b4bd694d184f + Atl-Traceid: + - 0746efa132f74875bbe9b4bd694d184f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:22 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=838,atl-edge;dur=831,atl-edge-internal;dur=16,atl-edge-upstream;dur=815,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="WURRTVONUZPihYa6X4qtGwcwd5-Mkxk3GTIjyKPRqSRTtfaybjbC8g==",cdn-downstream-fbl;dur=843 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 7f1eebb2ab7fd9ddd5ae296bfe0194d2.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - WURRTVONUZPihYa6X4qtGwcwd5-Mkxk3GTIjyKPRqSRTtfaybjbC8g== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - c83820ed49afd7d5a6d40536c4095e6a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 2bedd56c-1154-47c5-8278-b8a23dbd24e7 + Atl-Traceid: + - 2bedd56c115447c58278b8a23dbd24e7 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:24 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=479,atl-edge;dur=468,atl-edge-internal;dur=19,atl-edge-upstream;dur=448,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="nnSKjrU2pI3NKUL9crWb0a85UDupLShTvJBfRasMd8fKnltKteIC0Q==",cdn-downstream-fbl;dur=484 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a8d63eee2fd456f0e1e6772e38461220.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - nnSKjrU2pI3NKUL9crWb0a85UDupLShTvJBfRasMd8fKnltKteIC0Q== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 912f920c5bc34973a82f6f0947314bdd + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:25.501+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 1449c0c3-9660-4252-8e45-11498791f411 + Atl-Traceid: + - 1449c0c3966042528e4511498791f411 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:25 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=340,atl-edge;dur=338,atl-edge-internal;dur=15,atl-edge-upstream;dur=323,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="BjwJTL38yIRFurVzsbVWQr132VrC1w2_ZT16RxIrAFFx2ZFHIXh0Mg==",cdn-downstream-fbl;dur=344 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d9766b9925771288ecfcf1392328f114.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - BjwJTL38yIRFurVzsbVWQr132VrC1w2_ZT16RxIrAFFx2ZFHIXh0Mg== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 055644e1fb5b1d0565e447491851a121 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:14:53.528+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - b8b1132c-fdd2-44f6-aedf-2596795c0e91 + Atl-Traceid: + - b8b1132cfdd244f6aedf2596795c0e91 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:27 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=494,atl-edge;dur=488,atl-edge-internal;dur=16,atl-edge-upstream;dur=472,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="RAmx3HKIRwrbm3BnWksrzu3gFjeVCfTfN1L0HQoBUqu5SkdAwcFT3g==",cdn-downstream-fbl;dur=500 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 cc5461804f39ae1b3956b0f75ed048ce.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - RAmx3HKIRwrbm3BnWksrzu3gFjeVCfTfN1L0HQoBUqu5SkdAwcFT3g== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - 02eb0989938acd72eba8007e66d59f52 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - d86eae35-63bc-49e9-8297-bb96b151905f + Atl-Traceid: + - d86eae3563bc49e98297bb96b151905f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:28 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=550,atl-edge;dur=543,atl-edge-internal;dur=17,atl-edge-upstream;dur=527,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="pqQAmSgluwPF6vXwSO2p9NWggdLz0LxpWuOx5JTZ9xX1JyjXqlH1EQ==",cdn-downstream-fbl;dur=556 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 30d965dd3bd4ca28c3aa1ccfc6be7c36.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - pqQAmSgluwPF6vXwSO2p9NWggdLz0LxpWuOx5JTZ9xX1JyjXqlH1EQ== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - 41b4ec0fb8a74c7c902b7b197e51efa8 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || + Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* Medium\n *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3553' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 585a0a0b-e47f-497c-93cf-235973980c9b + Atl-Traceid: + - 585a0a0be47f497c93cf235973980c9b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:30 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1300,atl-edge;dur=1297,atl-edge-internal;dur=17,atl-edge-upstream;dur=1281,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="Exb6Fetf_cgEEYG3fVlwLCwXyczi-DTyWaHfewRx5GRtabxDnEgx1w==",cdn-downstream-fbl;dur=1304 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 9f543b41d91998db89601c7fae0f18c2.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Exb6Fetf_cgEEYG3fVlwLCwXyczi-DTyWaHfewRx5GRtabxDnEgx1w== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - b0bfef3775d688e02930930ecf034c63 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:30.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* Medium\n *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 62710790-1846-46b2-a823-62880d86143c + Atl-Traceid: + - 62710790184646b2a82362880d86143c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:32 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=553,atl-edge;dur=547,atl-edge-internal;dur=21,atl-edge-upstream;dur=527,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="oq1BIw4wJpi_7m_fIVE7Ep1aEHOd1tCsXVwyIFN0tbLDKnwJ46IAfw==",cdn-downstream-fbl;dur=558 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 35202ecfee8e63e178de36be1b541f0e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - oq1BIw4wJpi_7m_fIVE7Ep1aEHOd1tCsXVwyIFN0tbLDKnwJ46IAfw== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - fb5375fb3a6009436f39ca400a5b07f6 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:33.766+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 8c849339-7a7a-43df-b6ec-4bddc4d1d799 + Atl-Traceid: + - 8c8493397a7a43dfb6ec4bddc4d1d799 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=838,atl-edge;dur=832,atl-edge-internal;dur=14,atl-edge-upstream;dur=818,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ZPLWL9Fdrcnti1ZB_MM8BX9RWcx9HQM8RHTMuS1ulgKcy1EpoDTcpQ==",cdn-downstream-fbl;dur=843 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 55d9a4fa548a24d777eff07223b71680.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - ZPLWL9Fdrcnti1ZB_MM8BX9RWcx9HQM8RHTMuS1ulgKcy1EpoDTcpQ== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - bdc4361269b4ba28d8a01a0d7ae59900 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:30.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* Medium\n *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - bf39e205-8867-4cdc-a187-82adfde7de75 + Atl-Traceid: + - bf39e20588674cdca18782adfde7de75 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=463,atl-edge;dur=461,atl-edge-internal;dur=15,atl-edge-upstream;dur=445,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0cXeZooK203Z81VG2jPiUg9ewa_vjRehtvZT7wJVGiZUusVvF8g43A==",cdn-downstream-fbl;dur=467 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 bc177ce25ddc555a7d303bc4d290a6ec.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 0cXeZooK203Z81VG2jPiUg9ewa_vjRehtvZT7wJVGiZUusVvF8g43A== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - 96631737e53efb33a7c12850fdd6d04f + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:36.903+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 7bf82114-3385-4c15-9397-579e075ce9fe + Atl-Traceid: + - 7bf8211433854c159397579e075ce9fe + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=834,atl-edge;dur=827,atl-edge-internal;dur=16,atl-edge-upstream;dur=812,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="JxljbSSTXmhMU9M2CuTnk9Kp-KcAkz69IvZDnRWd0Y2XGFhY8D6QeQ==",cdn-downstream-fbl;dur=839 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 14ad4e3e12857f3153259ccd2089a180.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - JxljbSSTXmhMU9M2CuTnk9Kp-KcAkz69IvZDnRWd0Y2XGFhY8D6QeQ== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 2c13b6f637e0d4a73039f4e87522dbac + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:30.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* Medium\n *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - f0075172-a417-4eb3-9a93-88d804ceb892 + Atl-Traceid: + - f0075172a4174eb39a9388d804ceb892 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:38 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=964,atl-edge;dur=962,atl-edge-internal;dur=15,atl-edge-upstream;dur=947,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IOmUObByio0MhXl-__tECph59pHYllT-oSCZ1-CY8Ey6_we-Ye7hig==",cdn-downstream-fbl;dur=969 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - IOmUObByio0MhXl-__tECph59pHYllT-oSCZ1-CY8Ey6_we-Ye7hig== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - 107fb30c43409a7e0aeb5a5671e76b30 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 62be8a1f-0a8f-46b5-a065-b202329530ed + Atl-Traceid: + - 62be8a1f0a8f46b5a065b202329530ed + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:40 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="vxQt-VvaL1MjGlSYqGYGnR-2Xo9nBBx27F5u2r3zhI2_BhG5YVwJPw==",cdn-downstream-fbl;dur=534,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=4,cdn-upstream-fbl;dur=531,atl-edge;dur=525,atl-edge-internal;dur=19,atl-edge-upstream;dur=506,atl-edge-pop;desc="aws-ap-southeast-2" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a7a7ee092ee4b4df82064022cbdb7e94.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - vxQt-VvaL1MjGlSYqGYGnR-2Xo9nBBx27F5u2r3zhI2_BhG5YVwJPw== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - 6bb50c5bd8112d64a9b6eb6404e4285c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3543' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '' + headers: + Atl-Request-Id: + - bc9a6aad-5282-4208-9679-f472f7640181 + Atl-Traceid: + - bc9a6aad528242089679f472f7640181 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:42 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=744,atl-edge;dur=740,atl-edge-internal;dur=14,atl-edge-upstream;dur=726,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="NQhxU9SrWzBDaMZezwL_4WFLxvuIsIk2wDsHlWPFH15QMQlXeNEKDA==",cdn-downstream-fbl;dur=749 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 c44c600db483eb2098670fa47c16d840.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - NQhxU9SrWzBDaMZezwL_4WFLxvuIsIk2wDsHlWPFH15QMQlXeNEKDA== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - 23e54b12a567ba6a7b7bbf254f3af005 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:41.722+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/232]\n*Defect Dojo link:* http://localhost:8080/finding/232 + (232)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 04e8d06c-357b-4d4a-99d8-4ecd2783cfbe + Atl-Traceid: + - 04e8d06c357b4d4a99d84ecd2783cfbe + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=474,atl-edge;dur=469,atl-edge-internal;dur=17,atl-edge-upstream;dur=451,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="qrD3ivQ491wU30kbQwhz2UPXyXh7-DKwO3piJDRQZ_zvLOCFKxF9ag==",cdn-downstream-fbl;dur=478 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2bff6bbbee7da79c98259baccec11e2c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - qrD3ivQ491wU30kbQwhz2UPXyXh7-DKwO3piJDRQZ_zvLOCFKxF9ag== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - a0bb473738eae05521393a76411b8ad0 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:45.097+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 7d7a1c65-4c5e-47ba-b3d1-9ccf822a4f01 + Atl-Traceid: + - 7d7a1c654c5e47bab3d19ccf822a4f01 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=844,atl-edge;dur=838,atl-edge-internal;dur=15,atl-edge-upstream;dur=822,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6aleSSsR1DmSzlTKdixjb3qbdVmr8JWMlmAxJ15sgprBcqdvYG1V8w==",cdn-downstream-fbl;dur=847 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 853f4fb2226327c7e93e1af35b3e6c8c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 6aleSSsR1DmSzlTKdixjb3qbdVmr8JWMlmAxJ15sgprBcqdvYG1V8w== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - ad661f0400510f242ee0d643fbca05e8 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:41.722+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/232]\n*Defect Dojo link:* http://localhost:8080/finding/232 + (232)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 5e46378c-2e97-4e70-a479-9a476e73341b + Atl-Traceid: + - 5e46378c2e974e70a4799a476e73341b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=475,atl-edge;dur=469,atl-edge-internal;dur=19,atl-edge-upstream;dur=450,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="qge4EPUpthbXfW4NQwGxzgD6HF-5x3ST4uozE9GjAWiYNfvlgO__kA==",cdn-downstream-fbl;dur=479 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 1b68da67ecd8210b43b9ded7550536ca.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - qge4EPUpthbXfW4NQwGxzgD6HF-5x3ST4uozE9GjAWiYNfvlgO__kA== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 3c17a1800bade05541496313be8c54b2 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:47.713+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 8c73639a-0f56-4c0e-96b1-d5022f5d661b + Atl-Traceid: + - 8c73639a0f564c0e96b1d5022f5d661b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=378,atl-edge;dur=375,atl-edge-internal;dur=14,atl-edge-upstream;dur=361,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="eP-eu9KeWg52ae-USc5Fi7ZR6kiNhFSrK7Js2OKeEJU3S1PqvDpXYA==",cdn-downstream-fbl;dur=382 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 8bec138951dfffa4e8e0ac983bb30e76.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - eP-eu9KeWg52ae-USc5Fi7ZR6kiNhFSrK7Js2OKeEJU3S1PqvDpXYA== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 821f971ee5295f8cd021891a526ebf31 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:41.722+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/232]\n*Defect Dojo link:* http://localhost:8080/finding/232 + (232)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - b153f118-1d32-4126-a1d1-b91a3f2ee6e4 + Atl-Traceid: + - b153f1181d324126a1d1b91a3f2ee6e4 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:49 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=445,atl-edge;dur=439,atl-edge-internal;dur=16,atl-edge-upstream;dur=423,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="607tnAf2WK-0kwefa1pybvGHQLS6MZLCi5UMmkhgZMBM6jfLWb9lsw==",cdn-downstream-fbl;dur=448 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 7f1eebb2ab7fd9ddd5ae296bfe0194d2.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 607tnAf2WK-0kwefa1pybvGHQLS6MZLCi5UMmkhgZMBM6jfLWb9lsw== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 1070daeef14a590fb4e1aa851b395556 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:50.329+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - d154ac76-b038-4b20-906c-138370ed8273 + Atl-Traceid: + - d154ac76b0384b20906c138370ed8273 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=378,atl-edge;dur=376,atl-edge-internal;dur=16,atl-edge-upstream;dur=360,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="M23w1RArksRM6-tm0yoC_8EZFjL8KZU7qycpmt1bZCNK8dgmfLzqiA==",cdn-downstream-fbl;dur=381 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f2132080e9d6401d1cc8e856e53672f6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - M23w1RArksRM6-tm0yoC_8EZFjL8KZU7qycpmt1bZCNK8dgmfLzqiA== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 552d26b7bbddbe2ec2c31bbcef09490b + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:41.722+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/232]\n*Defect Dojo link:* http://localhost:8080/finding/232 + (232)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 6ed74644-66b0-496c-b2b2-823185e9ce1b + Atl-Traceid: + - 6ed7464466b0496cb2b2823185e9ce1b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:52 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=968,atl-edge;dur=962,atl-edge-internal;dur=15,atl-edge-upstream;dur=946,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="WYq04UAvGe3RM7mc8z8BorNPIEWSOPdZW9vCdniQDuaqG6AuOXfbMw==",cdn-downstream-fbl;dur=974 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 35202ecfee8e63e178de36be1b541f0e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - WYq04UAvGe3RM7mc8z8BorNPIEWSOPdZW9vCdniQDuaqG6AuOXfbMw== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - ef8d4e92f8b807d87a9ce6822243c611 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:15:53.480+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 2481fa0d-23fd-4e2e-aafa-43025c025fd2 + Atl-Traceid: + - 2481fa0d23fd4e2eaafa43025c025fd2 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:53 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=345,atl-edge;dur=340,atl-edge-internal;dur=15,atl-edge-upstream;dur=325,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="zmgy1HYE77cwQFBalihiIhuSMW1ZAVU6fH5OW4aA_gJoRWGeyRivcQ==",cdn-downstream-fbl;dur=349 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - zmgy1HYE77cwQFBalihiIhuSMW1ZAVU6fH5OW4aA_gJoRWGeyRivcQ== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 38f1dd2abcd01ea7687a0ef74c6b76d4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:41.722+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/232]\n*Defect Dojo link:* http://localhost:8080/finding/232 + (232)\n*Severity:* High\n *Due Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - cfaa5c6f-a704-47a7-a480-0445bd700c98 + Atl-Traceid: + - cfaa5c6fa70447a7a4800445bd700c98 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:54 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=474,atl-edge;dur=472,atl-edge-internal;dur=17,atl-edge-upstream;dur=456,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="61KRp4o90neyz7LQTKmwtKsV0Pr6Abp_4AQkyOeN7DpJ--rFfLp7-g==",cdn-downstream-fbl;dur=479 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e3b6a2cc8a3456f4a2dc3bfd506c4344.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 61KRp4o90neyz7LQTKmwtKsV0Pr6Abp_4AQkyOeN7DpJ--rFfLp7-g== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 2e1e101190de81da87d54bf011ed090e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 33fd4ece-3b50-4469-9f96-a99582827a13 + Atl-Traceid: + - 33fd4ece3b5044699f96a99582827a13 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:56 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=567,atl-edge;dur=565,atl-edge-internal;dur=18,atl-edge-upstream;dur=547,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="K0FKZadkF0hj6CrdcGAvmPDHoyTGX_PDqXk0y9rmSGr6s87VMJ4TaA==",cdn-downstream-fbl;dur=575 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - K0FKZadkF0hj6CrdcGAvmPDHoyTGX_PDqXk0y9rmSGr6s87VMJ4TaA== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - e10b7d5c78d029faa55058dc2af9e7dc + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + High *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || + Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3559' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '' + headers: + Atl-Request-Id: + - ea75fd32-fbcb-4c3d-8d38-4b688c248f68 + Atl-Traceid: + - ea75fd32fbcb4c3d8d384b688c248f68 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:15:58 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1382,atl-edge;dur=1376,atl-edge-internal;dur=15,atl-edge-upstream;dur=1361,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="zR3-mNO4ZNx6WW-e5yijHbjRXtbBMP8GnSSP7AKvWjmBHkN0NUvS7w==",cdn-downstream-fbl;dur=1386 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 0cf8dd8ff8bb60665199a3fb2c2f8e9e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - zR3-mNO4ZNx6WW-e5yijHbjRXtbBMP8GnSSP7AKvWjmBHkN0NUvS7w== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 7cbfef90ab5568271ea4dbeeca53d34a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:58.239+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + High *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - aad0ecef-bf61-4808-90d8-25b3ddbf944b + Atl-Traceid: + - aad0ecefbf61480890d825b3ddbf944b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:00 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=442,atl-edge;dur=440,atl-edge-internal;dur=17,atl-edge-upstream;dur=422,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="vDSt_qQhHY4Ucz3PRsi2loXRvO4s229d1Mw50OysXbf2RL0A8Urheg==",cdn-downstream-fbl;dur=447 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c44c600db483eb2098670fa47c16d840.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - vDSt_qQhHY4Ucz3PRsi2loXRvO4s229d1Mw50OysXbf2RL0A8Urheg== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - 04edacc1804e094516af64cf922d2766 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:01.742+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 2e77f1f7-5480-4874-82c5-f9df5ac85633 + Atl-Traceid: + - 2e77f1f75480487482c5f9df5ac85633 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:01 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=843,atl-edge;dur=841,atl-edge-internal;dur=15,atl-edge-upstream;dur=826,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="K3CF3_ZPihO8PVfL8uNAW_P2wpepqhT0wKV_MK93Dr2_bFuIpLlISA==",cdn-downstream-fbl;dur=848 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 4445030cc387fae2e8f01664465bd4fc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - K3CF3_ZPihO8PVfL8uNAW_P2wpepqhT0wKV_MK93Dr2_bFuIpLlISA== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - a4ae32468701b42709f9bee13c66024d + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:15:58.239+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + High *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 6c3febac-1e9f-46a2-bc6c-7b8f30e62476 + Atl-Traceid: + - 6c3febac1e9f46a2bc6c7b8f30e62476 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:03 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=495,atl-edge;dur=488,atl-edge-internal;dur=16,atl-edge-upstream;dur=472,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="3yknwnqL87xrZkdIgsik-GEPSWc9DZhSuiTa9acxW7mEQSttbBbLJA==",cdn-downstream-fbl;dur=501 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 352b1001018ea123117ef28ad154f522.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 3yknwnqL87xrZkdIgsik-GEPSWc9DZhSuiTa9acxW7mEQSttbBbLJA== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 6ebdaa6c7addd4ac918baff081e9e6d7 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 34135a94-c97b-4d51-94e6-b8fd4ab7f6ae + Atl-Traceid: + - 34135a94c97b4d5194e6b8fd4ab7f6ae + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:04 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=512,atl-edge;dur=510,atl-edge-internal;dur=15,atl-edge-upstream;dur=494,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="XixCj03vaxDYbmwRBjzFTGqexEogOBQRvrGVxr1m6OauguYENxTtRA==",cdn-downstream-fbl;dur=517 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 6e1c6646ddd7c3d29e8d895186891110.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - XixCj03vaxDYbmwRBjzFTGqexEogOBQRvrGVxr1m6OauguYENxTtRA== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 11dc739e54bd315a468ef784f730d6e6 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3562' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 03165c42-5c15-40db-9951-70ae14dc9de9 + Atl-Traceid: + - 03165c425c1540db995170ae14dc9de9 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:06 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + 
"endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=832,atl-edge;dur=825,atl-edge-internal;dur=15,atl-edge-upstream;dur=807,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ReFjHJJuG9_YUB0FQecWXFUY8UHuFD514Dqhf5l9Gm6rg_Tyf1mhsA==",cdn-downstream-fbl;dur=837 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 00625c2aa02f6876cd9570486ac98924.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - ReFjHJJuG9_YUB0FQecWXFUY8UHuFD514Dqhf5l9Gm6rg_Tyf1mhsA== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 5db90ecf9b823be409b5d8450c12a3ee + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:14:54.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:06.102+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 237ba56e-c80f-4521-a5fa-0176c9ba7d0f + Atl-Traceid: + - 237ba56ec80f4521a5fa0176c9ba7d0f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:07 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=526,atl-edge;dur=513,atl-edge-internal;dur=20,atl-edge-upstream;dur=497,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="2wOIZiLtgSF4sTWhTwseS4GplsgZZDcqf8VC6mPLovHFWGGaTVIBMQ==",cdn-downstream-fbl;dur=530 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 2wOIZiLtgSF4sTWhTwseS4GplsgZZDcqf8VC6mPLovHFWGGaTVIBMQ== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 853afc00b5e4f848bee1397792356add + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 41}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - 9b98b223-65e2-425e-a157-f58204b1ed11 + Atl-Traceid: + - 9b98b22365e2425ea157f58204b1ed11 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - text/html;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:09 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=758,atl-edge;dur=754,atl-edge-internal;dur=15,atl-edge-upstream;dur=739,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="mruRqnEWC_yBCVMiF9AtKXa1PvPDOWKSq1RrAmrXQhrIRDC0QUqUow==",cdn-downstream-fbl;dur=762 + Strict-Transport-Security: + 
- max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 dc5b7b7a6895b629c6cb8eef5910309e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - mruRqnEWC_yBCVMiF9AtKXa1PvPDOWKSq1RrAmrXQhrIRDC0QUqUow== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 4b37a10bc99cfa3fa427b7d77e979c8e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:10.712+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 40bbdd69-18fd-47b6-a097-a77322eb03a6 + Atl-Traceid: + - 40bbdd6918fd47b6a097a77322eb03a6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:10 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=333,atl-edge;dur=331,atl-edge-internal;dur=15,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="zDnDxOMOqc6rhBdko8npfa7_DDj5Tgfvi8S-YOSafPvDsPCsnsCwFQ==",cdn-downstream-fbl;dur=339 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - zDnDxOMOqc6rhBdko8npfa7_DDj5Tgfvi8S-YOSafPvDsPCsnsCwFQ== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - 31f87624efdf8f42c397b18394aab710 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:09.148+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 353f9b02-c5c3-4007-9bf3-b6ee0a5af78a + Atl-Traceid: + - 353f9b02c5c340079bf3b6ee0a5af78a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:12 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=532,atl-edge;dur=524,atl-edge-internal;dur=20,atl-edge-upstream;dur=509,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="1Vi6WTubz0HQyjqU1O8Q1EJvIj7gQKN5Iw71mRQbntb3kMOiQJmwoA==",cdn-downstream-fbl;dur=537 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c8a7df1b4956aa390fe495730eb3c9f4.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 1Vi6WTubz0HQyjqU1O8Q1EJvIj7gQKN5Iw71mRQbntb3kMOiQJmwoA== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - 1bf0c3275c8656989e30f84414a5ec30 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:13.333+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - e433f413-28af-4883-9ac8-cb514fac8f2c + Atl-Traceid: + - e433f41328af48839ac8cb514fac8f2c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:13 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=332,atl-edge;dur=328,atl-edge-internal;dur=16,atl-edge-upstream;dur=312,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="gtbvfqd6wwVU2vdCugna2IqIFYiUfpzuZmvT2H34t1BSec096Hd0gA==",cdn-downstream-fbl;dur=343 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 8ccca629f0b1ca48e2e69a056f61f9a6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - gtbvfqd6wwVU2vdCugna2IqIFYiUfpzuZmvT2H34t1BSec096Hd0gA== + X-Amz-Cf-Pop: + - SYD62-P3 + X-Arequestid: + - 66561cdf67258fec83603882cccd1555 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:09.148+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 273537fb-6514-424e-bbcc-be3f27fe0e33 + Atl-Traceid: + - 273537fb6514424ebbccbe3f27fe0e33 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:14 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=490,atl-edge;dur=477,atl-edge-internal;dur=19,atl-edge-upstream;dur=462,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="BsQTTqNSGQrwwhywTG-3MMn1AJ41wMMf9p__8_MsbyBn4LU4q8Zmyg==",cdn-downstream-fbl;dur=495 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 59b0eb2f33939f549a18868a652690fe.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - BsQTTqNSGQrwwhywTG-3MMn1AJ41wMMf9p__8_MsbyBn4LU4q8Zmyg== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - b5b898542b58ec3f9b5aa7fdc3c25abb + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:16.118+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 50b4e157-b246-4761-9a41-5278d0ba1819 + Atl-Traceid: + - 50b4e157b24647619a415278d0ba1819 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:16 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=335,atl-edge;dur=333,atl-edge-internal;dur=16,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="M7-mG-U5NPFyoj__yWb79sWgWe7o6A6Kel9V9TUFSnUXHEU4iy0Wug==",cdn-downstream-fbl;dur=341 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 7fe70ef74e6a71dc6fcd4b1b62861ffc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - M7-mG-U5NPFyoj__yWb79sWgWe7o6A6Kel9V9TUFSnUXHEU4iy0Wug== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - fdab14067817aba4e38de6a8cc8127d7 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:09.148+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Inactive, + Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 05be8e1f-4070-4f41-8f2c-9bcaeaed9daf + Atl-Traceid: + - 05be8e1f40704f418f2c9bcaeaed9daf + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:18 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=956,atl-edge;dur=954,atl-edge-internal;dur=14,atl-edge-upstream;dur=939,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="vsNZ0IFCIeuydiWm5jp0mAPn27Vb_WJVgmJwZcp9DMrEVSE0kcy8sQ==",cdn-downstream-fbl;dur=961 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a492a754c99951a31a41d1c031185610.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - vsNZ0IFCIeuydiWm5jp0mAPn27Vb_WJVgmJwZcp9DMrEVSE0kcy8sQ== + X-Amz-Cf-Pop: + - SYD3-P1 + X-Arequestid: + - b0aac6bc28313b5cd75bc1197863dc71 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 2fdf7ab2-267d-4033-835e-16f188436bfb + Atl-Traceid: + - 2fdf7ab2267d4033835e16f188436bfb + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:20 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1000,atl-edge;dur=998,atl-edge-internal;dur=16,atl-edge-upstream;dur=982,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="g7em0x3HG2hohjBa2QPhfc0KS-RztiEDHAwOhwNhVFojufqINa_aJw==",cdn-downstream-fbl;dur=1005 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - g7em0x3HG2hohjBa2QPhfc0KS-RztiEDHAwOhwNhVFojufqINa_aJw== + X-Amz-Cf-Pop: + - SYD62-P1 + X-Arequestid: + - 7be0c30b2ba59f7d7717824b9b9e0524 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n *CWE:* + [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3524' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 970650bb-aff7-43b4-9792-8c7efbda47ce + Atl-Traceid: + - 970650bbaff743b497928c7efbda47ce + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:21 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, 
"max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=738,atl-edge;dur=736,atl-edge-internal;dur=16,atl-edge-upstream;dur=718,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="1zpUTwXgNvUa_lJRm0xz5D-GY8TsHi6NFUy5yXtrsQBIy08NB5OdZg==",cdn-downstream-fbl;dur=743 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 e80732d7ef726bed77c3f67a8339cc96.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 1zpUTwXgNvUa_lJRm0xz5D-GY8TsHi6NFUy5yXtrsQBIy08NB5OdZg== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 56f8f69e41c9b0f415548caca8d80a1e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:21.377+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 7b511068-2598-40f2-aed4-6b96d7c54aed + Atl-Traceid: + - 7b511068259840f2aed46b96d7c54aed + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:23 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=450,atl-edge;dur=441,atl-edge-internal;dur=19,atl-edge-upstream;dur=423,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="LNMdEXpz86O9p8TVUwJ4729ZxXdFXSSXYwMr9o48J2QTEyAqLmbYXQ==",cdn-downstream-fbl;dur=456 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d3f1182213e75f053a9e7404f079d540.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - LNMdEXpz86O9p8TVUwJ4729ZxXdFXSSXYwMr9o48J2QTEyAqLmbYXQ== + X-Amz-Cf-Pop: + - SYD62-P2 + X-Arequestid: + - f10d52f820fb466ba596868a0f784041 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:24.438+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - dd071914-f61f-4bed-80d3-4b8509b79116 + Atl-Traceid: + - dd071914f61f4bed80d34b8509b79116 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:24 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=16,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="-Sk4npjfAFHOE05jex7_VzGvT9_BdsLfjT76YjMgQyop3Jh0O7QoZw==",cdn-downstream-fbl;dur=329 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 db487bbf70af29af96ef50a3f5b469d4.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - -Sk4npjfAFHOE05jex7_VzGvT9_BdsLfjT76YjMgQyop3Jh0O7QoZw== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - cf721aa7e618d2bc019a2ee86dd113fc + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:21.377+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. 
Findings\n\nh3. [Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - fb9fac8e-9d15-4eb2-a554-fb3d6443da2b + Atl-Traceid: + - fb9fac8e9d154eb2a554fb3d6443da2b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:26 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=471,atl-edge;dur=469,atl-edge-internal;dur=15,atl-edge-upstream;dur=454,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="vYVg1NL2ENqil-awlFNDQsmp9Npv6njT9YsqWOdOb0bzHvYfxLz55w==",cdn-downstream-fbl;dur=474 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked Vary: - Accept-Encoding Via: - - 1.1 7b00ea054b97b0dfdfa184981c492f10.cloudfront.net (CloudFront) + - 1.1 2bff6bbbee7da79c98259baccec11e2c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - vYVg1NL2ENqil-awlFNDQsmp9Npv6njT9YsqWOdOb0bzHvYfxLz55w== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 679589b60006d30a961c7c4277f2c1cb + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:27.167+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - e37fc732-94f4-4795-9150-c67bce3094bf + Atl-Traceid: + - e37fc73294f447959150c67bce3094bf + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:27 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - 
'{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=332,atl-edge;dur=331,atl-edge-internal;dur=15,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="B3pQ1YKLClJRxJ3HJLywrkuUwTiCxTSvBIowRiJOU4QjXeRH1y4Beg==",cdn-downstream-fbl;dur=344 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 7f1eebb2ab7fd9ddd5ae296bfe0194d2.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3QyKwzLWSwF8NERX6g-an4si7j9Yaojg3h1kVgXh2K_Zn0r1WqW6pA== + - B3pQ1YKLClJRxJ3HJLywrkuUwTiCxTSvBIowRiJOU4QjXeRH1y4Beg== X-Amz-Cf-Pop: - SYD62-P3 X-Arequestid: - - 0f088f9d65f6918a11c5a16383d1d31f + - c92221547f4c7dbb4a5c663b99ff1c32 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1763,8 +6343,8 @@ interactions: X-Xss-Protection: - 1; mode=block status: - code: 204 - message: No Content + code: 200 + message: OK - request: body: null headers: 
@@ -1781,29 +6361,28 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:17.849+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A 
+ small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:21.377+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July - 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1814,9 +6393,9 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -1827,12 +6406,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 76dca9fe-68b9-464b-b8c7-e2ec3cf88dc9 + - 0ba78117-441b-4b0f-a235-596165593392 Atl-Traceid: - - 76dca9fe68b9464bb8c7e2ec3cf88dc9 + - 0ba78117441b4b0fa235596165593392 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1842,7 +6421,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:19 GMT + - Sun, 22 Jun 2025 10:16:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
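Review bot: The recorded response body in this hunk keeps a real account's `emailAddress`, `accountId` and `displayName` in the unchanged `creator` and `reporter` objects, and the `X-Aaccountid` response header repeats the same account id in the hunks that follow. The request headers visible here carry no credentials, so request-side scrubbing appears to be in place, but response bodies and headers look to be stored verbatim. Since the cassette is being re-recorded anyway, consider replacing these fields with placeholders at record time. If this is a vcrpy cassette, as the layout suggests, a `before_record_response` hook can do that, for example by rewriting the address to `user@example.invalid`. The identical body in the `@@ -2014,12 +6592,12 @@` hunk needs the same treatment.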
@@ -1852,7 +6431,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=450,atl-edge;dur=442,atl-edge-internal;dur=15,atl-edge-upstream;dur=427,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="hMnX9HOg5mPiv7NwQTeyldUo9U6FEhDm4Ssd5XNteHv43dLvbOBi9g==",cdn-downstream-fbl;dur=454 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=480,atl-edge;dur=478,atl-edge-internal;dur=17,atl-edge-upstream;dur=461,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="EBRQZlIQLk-L5MrGTQDqvKRtLVAVmbOVO7wTte5iw8ustsh3901Ngg==",cdn-downstream-fbl;dur=484 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1862,15 +6441,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bac8af6ab43417aff0768ef23a8c05de.cloudfront.net (CloudFront) + - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - hMnX9HOg5mPiv7NwQTeyldUo9U6FEhDm4Ssd5XNteHv43dLvbOBi9g== + - EBRQZlIQLk-L5MrGTQDqvKRtLVAVmbOVO7wTte5iw8ustsh3901Ngg== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P2 X-Arequestid: - - 9a6b3986c70a84684057f42d4e90c469 + - 21a823223d7cde91d7ccd832fc2fa63d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1899,12 +6478,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:20.975+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:30.301+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d044bd7c-8760-4d44-87cd-87dcbfedbb2c + - c473db46-0c11-41b6-a172-2cdda4e0c8b1 Atl-Traceid: - - d044bd7c87604d4487cd87dcbfedbb2c + - c473db460c1141b6a1722cdda4e0c8b1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1914,7 +6493,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:21 GMT + - Sun, 22 Jun 2025 10:16:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1924,7 +6503,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=352,atl-edge;dur=345,atl-edge-internal;dur=20,atl-edge-upstream;dur=322,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="-ye6iM0Dh-0gfMUcJC8fwqI49hadPrpJ84w2qMJMGGn5Bq4aEPMi9g==",cdn-downstream-fbl;dur=356 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=843,atl-edge;dur=841,atl-edge-internal;dur=14,atl-edge-upstream;dur=827,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="VWszDbjN4LdlSZyts0W3ndagx8tRpOAEWrxXHoii89A11SX_8cbSDg==",cdn-downstream-fbl;dur=849 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1934,15 +6513,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 db487bbf70af29af96ef50a3f5b469d4.cloudfront.net (CloudFront) + - 1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -ye6iM0Dh-0gfMUcJC8fwqI49hadPrpJ84w2qMJMGGn5Bq4aEPMi9g== + - VWszDbjN4LdlSZyts0W3ndagx8tRpOAEWrxXHoii89A11SX_8cbSDg== X-Amz-Cf-Pop: - - SYD3-P2 + - SYD62-P3 X-Arequestid: - - 81ca0f0b32c070f5883ec71659eac6a3 + - 39310a170571433850373152a66299e8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1968,29 +6547,28 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:17.849+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A 
+ small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:21.377+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July - 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. 
Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Inactive, + Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2001,9 +6579,9 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -2014,12 +6592,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 84d007a1-d2b2-4875-aa52-22688d9bc119 + - 4e8a4285-96a5-4bdc-9075-3ee91179679b Atl-Traceid: - - 84d007a1d2b24875aa5222688d9bc119 + - 4e8a428596a54bdc90753ee91179679b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2029,7 +6607,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:22 GMT + - Sun, 22 Jun 2025 10:16:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2039,7 +6617,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=491,atl-edge;dur=485,atl-edge-internal;dur=18,atl-edge-upstream;dur=466,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="urI-eNpruh8zOAKWmaTF1eUN_ShjWm_lcUMfsiTjY8J2a2mUmGvVFg==",cdn-downstream-fbl;dur=494 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=496,atl-edge;dur=494,atl-edge-internal;dur=15,atl-edge-upstream;dur=479,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="9RQsaUCaxR1HHXkg-m-5Yi9Sx2hOY09fBpVglJrTlf_ibjJRi-OcLg==",cdn-downstream-fbl;dur=500 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2049,15 +6627,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5bbd11939e03577f970787e60c8f7b4e.cloudfront.net (CloudFront) + - 1.1 4ec881b9cff95ab6b1f20a72ee8404c4.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - urI-eNpruh8zOAKWmaTF1eUN_ShjWm_lcUMfsiTjY8J2a2mUmGvVFg== + - 9RQsaUCaxR1HHXkg-m-5Yi9Sx2hOY09fBpVglJrTlf_ibjJRi-OcLg== X-Amz-Cf-Pop: - - SYD3-P1 + - SYD3-P2 X-Arequestid: - - 760befb8ee05aca238cefb46c18e2831 + - 6623ff3b20f7d4987bbc456e05098f49 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2095,9 +6673,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 89aeaa4e-c49d-4596-8389-061a53995ef4 + - 6f878691-5acd-4784-a834-2075b6cf5b8c Atl-Traceid: - - 89aeaa4ec49d45968389061a53995ef4 + - 6f8786915acd4784a8342075b6cf5b8c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2107,7 +6685,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:24 GMT + - Sun, 22 Jun 2025 10:16:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2117,7 +6695,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=1014,atl-edge;dur=1007,atl-edge-internal;dur=15,atl-edge-upstream;dur=992,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="yh22paQBwbNSHMtaW8CPfK8WKFMYW5KQBrbEcCMcqlnTnOqFZiPB5w==",cdn-downstream-fbl;dur=1018 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=540,atl-edge;dur=539,atl-edge-internal;dur=19,atl-edge-upstream;dur=519,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="od0b10guNycsLMx93T6CqtwqcYZ5-Mtr-MOtqO_7odfZHfapntb4kA==",cdn-downstream-fbl;dur=546 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2127,18 +6705,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b862c6b18a44c823dd40d8d760097ee2.cloudfront.net (CloudFront) + - 1.1 c055c3339c284980acc0cc86a72891de.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - yh22paQBwbNSHMtaW8CPfK8WKFMYW5KQBrbEcCMcqlnTnOqFZiPB5w== + - od0b10guNycsLMx93T6CqtwqcYZ5-Mtr-MOtqO_7odfZHfapntb4kA== X-Amz-Cf-Pop: - SYD3-P2 X-Arequestid: - - 290bbba63f76127b98ba40b7eb725f62 + - 83358e8bafb098c3e021c5c22506aa16 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2152,20 +6730,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July 15, - 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || + Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2176,9 +6754,8 @@ interactions: later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n *CWE:* + [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header @@ -2186,7 +6763,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -2197,21 +6774,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3347' + - '3521' Content-Type: - application/json User-Agent: - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: string: '' headers: Atl-Request-Id: - - 84e29507-fac2-49e3-a2eb-64a806fe6236 + - 3e234180-15fa-4698-9bff-399dbb065cdf Atl-Traceid: - - 84e29507fac249e3a2eb64a806fe6236 + - 3e23418015fa46989bff399dbb065cdf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2219,7 +6796,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:26 GMT + - Sun, 22 Jun 2025 10:16:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2229,7 +6806,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=926,atl-edge;dur=923,atl-edge-internal;dur=17,atl-edge-upstream;dur=906,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="8cOouBK8u1VoZldMwCfxqR0bMpgb0YqlG44Zj_1CMHjwBcXBcMFx2Q==",cdn-downstream-fbl;dur=930 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1206,atl-edge;dur=1202,atl-edge-internal;dur=14,atl-edge-upstream;dur=1188,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="SOsvR4QYNl5XOCGmb1weaVI-EBGrU-_A_wY5q9Fi_HjkEXGF_YTE4Q==",cdn-downstream-fbl;dur=1210 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2237,15 +6814,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront) + - 1.1 9fbddde4165412a5f9426c247ca005c0.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 8cOouBK8u1VoZldMwCfxqR0bMpgb0YqlG44Zj_1CMHjwBcXBcMFx2Q== + - SOsvR4QYNl5XOCGmb1weaVI-EBGrU-_A_wY5q9Fi_HjkEXGF_YTE4Q== X-Amz-Cf-Pop: - - SYD62-P3 + - SYD3-P1 X-Arequestid: - - b79a63e309047a4edcd3d3c65e38df38 + - 7b1fe97052da3a67a6609b4dd0c49484 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2271,29 +6848,28 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:53:57.644+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:25.683+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:09.149+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A 
+ small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-22T12:16:09.135+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_75982_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:35.025+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July - 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2304,9 +6880,9 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -2317,12 +6893,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c8abf41a-c988-4ec4-984b-aad50ad1d3ba + - f160d836-0584-4541-a641-9e30cde894c6 Atl-Traceid: - - c8abf41ac9884ec4984baad50ad1d3ba + - f160d83605844541a6419e30cde894c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2332,7 +6908,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:27 GMT + - Sun, 22 Jun 2025 10:16:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2342,7 +6918,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=442,atl-edge;dur=440,atl-edge-internal;dur=16,atl-edge-upstream;dur=424,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="IfVF2mA8cEO6EOQBeORKcKa3rdcI1_YX3g_N5xtCSGdkqsUepR6cFA==",cdn-downstream-fbl;dur=446 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=481,atl-edge;dur=479,atl-edge-internal;dur=19,atl-edge-upstream;dur=460,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="PCX6NO7QOzLWVWviB0gI-ZtnfJzQ1R7BT-4LJrAox5t4PbLVtGLQTQ==",cdn-downstream-fbl;dur=485 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2352,15 +6928,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 03b68196a4924b2e14289edfecca0cae.cloudfront.net (CloudFront) + - 1.1 7b00ea054b97b0dfdfa184981c492f10.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IfVF2mA8cEO6EOQBeORKcKa3rdcI1_YX3g_N5xtCSGdkqsUepR6cFA== + - PCX6NO7QOzLWVWviB0gI-ZtnfJzQ1R7BT-4LJrAox5t4PbLVtGLQTQ== X-Amz-Cf-Pop: - - SYD3-P1 + - SYD62-P3 X-Arequestid: - - 88bf8441ac9c3b930764b28cf140c13f + - c529d15be90e7d03c1b5cc80896995be X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2371,7 +6947,149 @@ interactions: code: 200 message: OK - request: - body: '{"transition": {"id": 41}, "fields": {}}' + body: '{"transition": {"id": 11}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - 77d9b89e-c323-4b6b-9421-440c6e1de82d + Atl-Traceid: + - 77d9b89ec3234b6b9421440c6e1de82d + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - text/html;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:38 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=689,atl-edge;dur=687,atl-edge-internal;dur=21,atl-edge-upstream;dur=666,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="Hd1l-OaxU6JNzS1k2sThbZE9auxHVznZ7JjcicycOfbzCg87i7ukuQ==",cdn-downstream-fbl;dur=694 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 6d9ff63cdcc93ca8f7c1714fbd746b66.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Hd1l-OaxU6JNzS1k2sThbZE9auxHVznZ7JjcicycOfbzCg87i7ukuQ== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - ec57a111183f084ebf5e2b5e3a4b8825 + X-Cache: + - Miss from cloudfront + 
X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.4 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:39.474+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - f627f5e4-155c-4836-a6e3-c060c3d1308f + Atl-Traceid: + - f627f5e4155c4836a6e3c060c3d1308f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sun, 22 Jun 2025 10:16:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=334,atl-edge;dur=332,atl-edge-internal;dur=15,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="AQZnXvtxNDq2kGQDMin2gbqH5TddbDpoHfed0d9V-Z3DeptJM5rv8g==",cdn-downstream-fbl;dur=338 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 9fe9a459a2b2b8935dc7f533182681dc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - AQZnXvtxNDq2kGQDMin2gbqH5TddbDpoHfed0d9V-Z3DeptJM5rv8g== + X-Amz-Cf-Pop: + - SYD3-P2 + X-Arequestid: + - 9793972b72b415aedc9f46815c6eac70 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null headers: Accept: - application/json,*/*;q=0.9 
@@ -2381,30 +7099,73 @@ interactions: - no-cache Connection: - keep-alive - Content-Length: - - '40' Content-Type: - application/json User-Agent: - python-requests/2.32.4 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/transitions + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '' + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:38.011+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:38.010+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a93fe4ba-2a26-443d-b590-2131c1f53b58 + - 4189d73c-b866-4bf9-8a94-1027aa33e8ed Atl-Traceid: - - a93fe4ba2a26443db5902131c1f53b58 + - 4189d73cb8664bf98a941027aa33e8ed Cache-Control: - no-cache, no-store, no-transform Connection: - keep-alive + Content-Encoding: + - gzip Content-Type: - - text/html;charset=UTF-8 + - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:29 GMT + - Sun, 22 Jun 2025 10:16:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2414,23 +7175,25 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=989,atl-edge;dur=985,atl-edge-internal;dur=15,atl-edge-upstream;dur=971,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="psUR1sL1LZSNBKG0pR9hefB5RrBUwmOZzHQgttp1wLz0y5uDdZO5Vw==",cdn-downstream-fbl;dur=994 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=450,atl-edge;dur=448,atl-edge-internal;dur=15,atl-edge-upstream;dur=432,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="wkcQyfsbaJlbQMbW7q4m7ncuRREXOkGGScALNdlLXCjb0dTCo-p82Q==",cdn-downstream-fbl;dur=453 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: - '*' + Transfer-Encoding: + - chunked Vary: - Accept-Encoding Via: - - 1.1 909f00169c0be43b0eae99ab8e7a6126.cloudfront.net (CloudFront) + - 1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - psUR1sL1LZSNBKG0pR9hefB5RrBUwmOZzHQgttp1wLz0y5uDdZO5Vw== + - wkcQyfsbaJlbQMbW7q4m7ncuRREXOkGGScALNdlLXCjb0dTCo-p82Q== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P3 X-Arequestid: - - 3d1e53c4e6048c19dea275c9ecc65dfd + - 7184e0a4534f8d0a4b2528fdc657a38b X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2438,8 +7201,8 @@ interactions: X-Xss-Protection: - 1; mode=block status: - code: 204 - message: No Content + code: 200 + message: OK - request: body: null headers: 
@@ -2459,12 +7222,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:30.705+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:42.526+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - cd3df579-12ba-4034-a29f-f3b4d0898ab7 + - 7274c747-ab57-48c6-9e3a-0582b781b2de Atl-Traceid: - - cd3df57912ba4034a29ff3b4d0898ab7 + - 7274c747ab5748c69e3a0582b781b2de Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2474,7 +7237,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:30 GMT + - Sun, 22 Jun 2025 10:16:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2484,7 +7247,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=342,atl-edge;dur=338,atl-edge-internal;dur=14,atl-edge-upstream;dur=324,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="Vn_IDplkiayyKC4jx_OqmgYAqf8FajgZ6gVDfUK03fwY-1A1H1s6kQ==",cdn-downstream-fbl;dur=346 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=838,atl-edge;dur=837,atl-edge-internal;dur=14,atl-edge-upstream;dur=823,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="1JJ2vxg1LmqtJ6r1ko4MKzjSQ1gTfQWXM1RDeJmTQ40W9jYVCAU4Ug==",cdn-downstream-fbl;dur=843 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2494,15 +7257,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d6156d803088bd5b7d72dddf2e03745c.cloudfront.net (CloudFront) + - 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Vn_IDplkiayyKC4jx_OqmgYAqf8FajgZ6gVDfUK03fwY-1A1H1s6kQ== + - 1JJ2vxg1LmqtJ6r1ko4MKzjSQ1gTfQWXM1RDeJmTQ40W9jYVCAU4Ug== X-Amz-Cf-Pop: - - SYD62-P3 + - SYD62-P1 X-Arequestid: - - 7668f168cc50c6ffd301b98e571d374c + - d46d3b7618865fce3e6eb3af3922a660 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2528,28 +7291,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:54:29.018+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-15T10:54:28.984+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_32285_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:29.017+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:38.011+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:38.010+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July - 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2560,9 +7324,9 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -2573,12 +7337,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 92f3c59c-6ded-415f-8d43-3e2cb5e27f74 + - 18ae3e95-631a-4af7-b090-345a23924b8f Atl-Traceid: - - 92f3c59c6ded415f8d433e2cb5e27f74 + - 18ae3e95631a4af7b090345a23924b8f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2588,7 +7352,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:32 GMT + - Sun, 22 Jun 2025 10:16:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
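Review bot: The re-recorded issue response in this hunk still stores the recording account's `emailAddress`, `accountId` and gravatar hash in its `creator` and `reporter` objects. The same objects recur in the later issue GET responses, and the `X-Aaccountid` response header repeats the account id on every interaction. Since the cassette was regenerated anyway, those values should be scrubbed at record time rather than committed, for example `"emailAddress":"redacted@example.invalid"` (constructed placeholder) with the account id replaced the same way. If these cassettes are recorded with vcrpy (presumably, given the `interactions:` layout), a `before_record_response` hook can rewrite the body and drop the per-request tracing headers, which would also shrink future re-record diffs. The response `string:` value starts above this hunk, so the full body is not visible here.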
@@ -2598,7 +7362,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=506,atl-edge-internal;dur=17,atl-edge-upstream;dur=489,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="1pz3Hurr_5DG8GnQDa3yykE9iPR36DAdVP-jploxYLhfOrzAsJvowA==",cdn-downstream-fbl;dur=512 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=468,atl-edge;dur=466,atl-edge-internal;dur=16,atl-edge-upstream;dur=451,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="M_9Vkl_EwBUBP36jFvCXgNriXY9r3EuUcnyMVl4NwvRoOhck4Wqncg==",cdn-downstream-fbl;dur=472 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2608,15 +7372,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2232887ba0422bbe2b2a9f1ebf020f00.cloudfront.net (CloudFront) + - 1.1 03b68196a4924b2e14289edfecca0cae.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 1pz3Hurr_5DG8GnQDa3yykE9iPR36DAdVP-jploxYLhfOrzAsJvowA== + - M_9Vkl_EwBUBP36jFvCXgNriXY9r3EuUcnyMVl4NwvRoOhck4Wqncg== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD3-P1 X-Arequestid: - - 4224b938cfe86f756e844fac753f8cfc + - 80b87d940d5352a7a420240255d2ea7a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2645,12 +7409,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:33.505+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:45.191+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 89d32558-8b87-4332-8e18-271bc618b505 + - 3387fbde-0c87-4e35-b99d-3f40133af3bb Atl-Traceid: - - 89d325588b8743328e18271bc618b505 + - 3387fbde0c874e35b99d3f40133af3bb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2660,7 +7424,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:33 GMT + - Sun, 22 Jun 2025 10:16:45 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2670,7 +7434,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=338,atl-edge;dur=335,atl-edge-internal;dur=13,atl-edge-upstream;dur=322,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="y7nWExTWaOxJjC3zQKcpqWPoObI4w2khTASI0NRNnIMGDR3gmiP7UA==",cdn-downstream-fbl;dur=342 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=336,atl-edge;dur=333,atl-edge-internal;dur=17,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="A5hRMnXCWiddr5BTGbpWjlVi4zv7LLzYxKZ84RmVUOTk5SLQnecUXg==",cdn-downstream-fbl;dur=341 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2680,15 +7444,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) + - 1.1 612d6e38ca8a5e65776b064d65f27d36.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - y7nWExTWaOxJjC3zQKcpqWPoObI4w2khTASI0NRNnIMGDR3gmiP7UA== + - A5hRMnXCWiddr5BTGbpWjlVi4zv7LLzYxKZ84RmVUOTk5SLQnecUXg== X-Amz-Cf-Pop: - SYD3-P1 X-Arequestid: - - c952cc49ab64d498925660424fcf5d8b + - 535b02564937ad0e57977d01c6c41b7e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2726,9 +7490,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 46c91a67-f007-4f22-b8cd-af05d936f43d + - b402b16c-a4df-4e91-b5fa-7e08bce57e94 Atl-Traceid: - - 46c91a67f0074f22b8cdaf05d936f43d + - b402b16ca4df4e91b5fa7e08bce57e94 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2738,7 +7502,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:35 GMT + - Sun, 22 Jun 2025 10:16:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2748,7 +7512,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=551,atl-edge;dur=546,atl-edge-internal;dur=15,atl-edge-upstream;dur=531,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="rcldnTE61M2PoLH1CgAsQiasmOQaCsNpiKq1NN7zkDFotQK5COlkDA==",cdn-downstream-fbl;dur=557 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=558,atl-edge;dur=556,atl-edge-internal;dur=27,atl-edge-upstream;dur=529,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="3OgzU6HLHXXnfRzzhfnMVRrnTGQiWvf8hIthFIvYG-0Inuq63O9tsw==",cdn-downstream-fbl;dur=564 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2758,18 +7522,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 aebce22763fb7e32a807cd494884a9b4.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rcldnTE61M2PoLH1CgAsQiasmOQaCsNpiKq1NN7zkDFotQK5COlkDA== + - 3OgzU6HLHXXnfRzzhfnMVRrnTGQiWvf8hIthFIvYG-0Inuq63O9tsw== X-Amz-Cf-Pop: - SYD3-P1 X-Arequestid: - - 2bf59249f56ea93f845b2558eddf7912 + - 005a6cb22a363c6a988a530848b9c8c7 X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2783,7 +7547,7 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* http://localhost:8080/finding/238 - (238)\n\n*Severity:* High\n\n\n*Due Date:* July 15, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + (238)\n\n*Severity:* Medium\n\n\n*Due Date:* Sept. 20, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable 
@@ -2794,7 +7558,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -2805,7 +7569,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1431' + - '1436' Content-Type: - application/json User-Agent: @@ -2814,12 +7578,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"20033","key":"NTEST-3053","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033"}' + string: '{"id":"20264","key":"NTEST-3056","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20264"}' headers: Atl-Request-Id: - - e0cc5878-9fc7-477d-931a-406c1ce9e5e6 + - 0868ea44-8be9-4b0c-8e01-d4bf09246665 Atl-Traceid: - - e0cc58789fc7477d931a406c1ce9e5e6 + - 0868ea448be94b0c8e01d4bf09246665 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2827,7 +7591,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:37 GMT + - Sun, 22 Jun 2025 10:16:48 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2837,7 +7601,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1013,atl-edge;dur=1011,atl-edge-internal;dur=14,atl-edge-upstream;dur=997,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="6h8T0gQqQ83OEsy4afTkmnR5bOXK9bIWYmxpkFUEyuj75m_C2Qqrvw==",cdn-downstream-fbl;dur=1018 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=971,atl-edge;dur=969,atl-edge-internal;dur=17,atl-edge-upstream;dur=951,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="cS8z0i5gTJKk6k5roKlganNhutGMpUI9R-GWZa_jLGfV9fbFZ6M95g==",cdn-downstream-fbl;dur=985 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2847,15 +7611,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4279a60193243ca3cf62feedc7fe581e.cloudfront.net (CloudFront) + - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6h8T0gQqQ83OEsy4afTkmnR5bOXK9bIWYmxpkFUEyuj75m_C2Qqrvw== + - cS8z0i5gTJKk6k5roKlganNhutGMpUI9R-GWZa_jLGfV9fbFZ6M95g== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P2 X-Arequestid: - - b07248ac3e747c1a406d13a801960f13 + - b5cf018818cbbde5579cb12dfec338e1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2881,17 +7645,17 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3056 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20033","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033","key":"NTEST-3053","fields":{"statuscategorychangedate":"2025-06-15T10:54:36.842+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20264","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20264","key":"NTEST-3056","fields":{"statuscategorychangedate":"2025-06-22T12:16:48.449+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:36.467+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:36.577+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3056/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:16:48.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011f3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:48.215+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* - http://localhost:8080/finding/238 (238)\n\n*Severity:* High\n\n\n*Due Date:* - July 15, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + http://localhost:8080/finding/238 (238)\n\n*Severity:* Medium\n\n\n*Due Date:* + Sept. 
20, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable 
@@ -2905,12 +7669,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira Api Test 2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3056/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20264/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 58c99c20-a996-42e8-82f2-d6e395d80220 + - 36dcd50f-08c4-470c-b8f0-04456b1a88a6 Atl-Traceid: - - 58c99c20a99642e882f2d6e395d80220 + - 36dcd50f08c4470cb8f004456b1a88a6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2920,7 +7684,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:38 GMT + - Sun, 22 Jun 2025 10:16:50 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2930,7 +7694,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=456,atl-edge;dur=454,atl-edge-internal;dur=15,atl-edge-upstream;dur=437,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="isXydxb3DgPmP04RR7iw1m6a_Z4Mmb3uVU_-_4FVuJLZ8vo_HBExIA==",cdn-downstream-fbl;dur=461 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=478,atl-edge;dur=476,atl-edge-internal;dur=18,atl-edge-upstream;dur=458,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="YKEMGp9ezdqSRX_ZBsTrMro66SN5uCZxe0an-ws6YEcx6jxkjqIW2Q==",cdn-downstream-fbl;dur=482 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2940,15 +7704,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dff94781894736c12dbb6eb4e456a898.cloudfront.net (CloudFront) + - 1.1 1febefb7e39b5395820bafc78730e954.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - isXydxb3DgPmP04RR7iw1m6a_Z4Mmb3uVU_-_4FVuJLZ8vo_HBExIA== + - YKEMGp9ezdqSRX_ZBsTrMro66SN5uCZxe0an-ws6YEcx6jxkjqIW2Q== X-Amz-Cf-Pop: - - SYD3-P1 + - SYD62-P3 X-Arequestid: - - 7571ba138dafaaf057e7a4312f8cf0b3 + - dc2f52b6e8e8f0fb3877a5bc62002cb1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2974,17 +7738,17 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20033 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20264 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20033","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033","key":"NTEST-3053","fields":{"statuscategorychangedate":"2025-06-15T10:54:36.842+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20264","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20264","key":"NTEST-3056","fields":{"statuscategorychangedate":"2025-06-22T12:16:48.449+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:36.467+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:36.577+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3056/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:16:48.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011f3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:48.215+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: [Jira Api Test 2|http://localhost:8080/finding/238]\n\n*Defect Dojo link:* - http://localhost:8080/finding/238 (238)\n\n*Severity:* High\n\n\n*Due Date:* - July 15, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + http://localhost:8080/finding/238 (238)\n\n*Severity:* Medium\n\n\n*Due Date:* + Sept. 
20, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable 
@@ -2998,12 +7762,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Jira Api Test 2","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3053/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20033/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3056/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20264/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 133a98d1-af52-468b-aebf-71df22a35943 + - cf05e1da-8b38-4ed4-b156-05bc42a59c7f Atl-Traceid: - - 133a98d1af52468baebf71df22a35943 + - cf05e1da8b384ed4b15605bc42a59c7f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3013,7 +7777,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:40 GMT + - Sun, 22 Jun 2025 10:16:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
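Review bot: The re-recorded response body in this hunk still commits the recording user's real `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects. The account id is repeated in the `X-Aaccountid` response header of the later hunks, and the same body content recurs in the hunk at `@@ -3184,12 +7949,12 @@`. Since the cassette is being regenerated anyway, this would be the moment to scrub those values at record time. If the cassettes are recorded with vcrpy (an assumption; the recorder configuration is not visible here), a `before_record_response` hook that swaps them for fixed placeholders would stop every re-record from re-committing them. The interaction's request headers start outside this hunk, so whether credentials are filtered from the recording cannot be confirmed from here and is worth checking in the same pass.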
@@ -3023,7 +7787,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=922,atl-edge;dur=916,atl-edge-internal;dur=16,atl-edge-upstream;dur=901,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="2P3iZbqcJJy69dfzv8_98KiHS9HTt6lUrYwXjOMBdoLwH4qqWJdAYA==",cdn-downstream-fbl;dur=927 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=967,atl-edge;dur=959,atl-edge-internal;dur=14,atl-edge-upstream;dur=945,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="U2mvS-7LugkNlhLki7fo5HskEHbrNSm0PN8pRjEDT1izPoXWQe08xg==",cdn-downstream-fbl;dur=972 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3033,15 +7797,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) + - 1.1 9fe9a459a2b2b8935dc7f533182681dc.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2P3iZbqcJJy69dfzv8_98KiHS9HTt6lUrYwXjOMBdoLwH4qqWJdAYA== + - U2mvS-7LugkNlhLki7fo5HskEHbrNSm0PN8pRjEDT1izPoXWQe08xg== X-Amz-Cf-Pop: - SYD3-P2 X-Arequestid: - - bade033a29f1012b72804950b4602390 + - 307b9cab567e55af963ca1f60b2460ec X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3070,12 +7834,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:41.357+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:16:53.656+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 03274dbc-ff44-4697-aa54-1e8585bd48fd + - f034513e-9ece-4f39-8991-bc5a3913a392 Atl-Traceid: - - 03274dbcff444697aa541e8585bd48fd + - f034513e9ece4f398991bc5a3913a392 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3085,7 +7849,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:41 GMT + - Sun, 22 Jun 2025 10:16:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3095,7 +7859,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=338,atl-edge;dur=332,atl-edge-internal;dur=15,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="iqVAOWtJBY9-SOs2uzNlE0-DTXe-BjKneYxjrT7_eKVJj00Kklm8iA==",cdn-downstream-fbl;dur=344 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=887,atl-edge;dur=885,atl-edge-internal;dur=17,atl-edge-upstream;dur=869,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="9GheQquyZF4BRXOoCO1MNRboUAWMNbLd-MHhXLQgQXQnBEMzgA6HJg==",cdn-downstream-fbl;dur=891 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3105,15 +7869,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fd8b250e4ee7cd8e5de453d78708baee.cloudfront.net (CloudFront) + - 1.1 d6156d803088bd5b7d72dddf2e03745c.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - iqVAOWtJBY9-SOs2uzNlE0-DTXe-BjKneYxjrT7_eKVJj00Kklm8iA== + - 9GheQquyZF4BRXOoCO1MNRboUAWMNbLd-MHhXLQgQXQnBEMzgA6HJg== X-Amz-Cf-Pop: - - SYD3-P1 + - SYD62-P3 X-Arequestid: - - 8df2d1efe1522493caaf1360acc0c1a9 + - b2b7ac7597d127caa13134c24a61d0ca X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3139,28 +7903,29 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:54:29.018+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-15T10:54:28.984+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_32285_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:29.017+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:38.011+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:38.010+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July - 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3171,9 +7936,9 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -3184,12 +7949,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2dc24bb4-c286-476b-b979-145db8d50d41 + - eb501f29-8bbf-420d-aed2-5ee580d318a4 Atl-Traceid: - - 2dc24bb4c286476bb979145db8d50d41 + - eb501f298bbf420daed25ee580d318a4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3199,7 +7964,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:43 GMT + - Sun, 22 Jun 2025 10:16:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3209,7 +7974,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=962,atl-edge;dur=960,atl-edge-internal;dur=15,atl-edge-upstream;dur=945,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="C9lPviikLboeHMbvuhM8s4B4IGlSKXguHDakYjAbktL6hE_XrrT4WA==",cdn-downstream-fbl;dur=967 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1022,atl-edge;dur=1021,atl-edge-internal;dur=17,atl-edge-upstream;dur=1004,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="CoTwO25N7hLzQH9LRWj6vidWPwB954pTdhADfaS0j_qzU3WVVK15-Q==",cdn-downstream-fbl;dur=1028 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3219,15 +7984,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) + - 1.1 a8d63eee2fd456f0e1e6772e38461220.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - C9lPviikLboeHMbvuhM8s4B4IGlSKXguHDakYjAbktL6hE_XrrT4WA== + - CoTwO25N7hLzQH9LRWj6vidWPwB954pTdhADfaS0j_qzU3WVVK15-Q== X-Amz-Cf-Pop: - - SYD3-P2 + - SYD62-P1 X-Arequestid: - - 03fbb2788392a10cc03207e38bdb9f03 + - 6a0d97b5d6b16e695477ef9fca379e35 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3265,9 +8030,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - dba13385-ae26-490b-922d-137089486a7b + - c8af7415-063f-4c7e-8c2c-ca7023b56f9c Atl-Traceid: - - dba13385ae26490b922d137089486a7b + - c8af7415063f4c7e8c2cca7023b56f9c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3277,7 +8042,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:45 GMT + - Sun, 22 Jun 2025 10:16:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3287,7 +8052,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1067,atl-edge;dur=1065,atl-edge-internal;dur=17,atl-edge-upstream;dur=1048,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="jugifE7EvLDxOumPcfOJ-E7-7qvP6mCboUNb54XL5wt37OUQVGyY_Q==",cdn-downstream-fbl;dur=1072 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1047,atl-edge;dur=1045,atl-edge-internal;dur=15,atl-edge-upstream;dur=1030,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="S8W_LCEoPC7J3WbNVh86MniKblA1nZS9g1Z1JUsKfX1VMPPQhNzasA==",cdn-downstream-fbl;dur=1052 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3297,18 +8062,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) + - 1.1 3fb6aad2d0d4eb57ef667ceeeeca901a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jugifE7EvLDxOumPcfOJ-E7-7qvP6mCboUNb54XL5wt37OUQVGyY_Q== + - S8W_LCEoPC7J3WbNVh86MniKblA1nZS9g1Z1JUsKfX1VMPPQhNzasA== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD62-P2 X-Arequestid: - - 2ed7e88614137b619d1b96db0a2158f6 + - 28f9b432e2d07e1fd5e64b95cd6f619a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3322,22 +8087,22 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Jira Api Test 2|http://localhost:8080/finding/238] | Active, Verified |\n| - High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | [400|https://cwe.mitre.org/data/definitions/400.html] - | negotiator | 0.5.3 | [Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)|http://localhost:8080/finding/232] | Inactive, Verified, Mitigated - |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 - (233)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || + Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira + Api Test 2|http://localhost:8080/finding/238]|Active, Verified|\n\nFindings + *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE + || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3347,8 +8112,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/238]\n*Defect - Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3359,9 +8124,8 @@ interactions: later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n *CWE:* + [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header @@ -3369,7 +8133,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -3380,21 +8144,21 @@ interactions: Connection: - keep-alive Content-Length: - - '4586' + - '4751' Content-Type: - application/json User-Agent: - python-requests/2.32.4 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: string: '' headers: Atl-Request-Id: - - 8841eb1e-7b1c-40c0-9b48-d3f4086a5951 + - efa9d481-545b-40c3-8cfc-a90ed35b4ff4 Atl-Traceid: - - 8841eb1e7b1c40c09b48d3f4086a5951 + - efa9d481545b40c38cfca90ed35b4ff4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3402,7 +8166,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:47 GMT + - Sun, 22 Jun 2025 10:16:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3412,7 +8176,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1202,atl-edge;dur=1198,atl-edge-internal;dur=18,atl-edge-upstream;dur=1181,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="AB56kLVRIualwGKFQ2mmlRUwcANoaCeHr8wbK7SXLKvfh2Am4EnCbA==",cdn-downstream-fbl;dur=1209 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=768,atl-edge;dur=764,atl-edge-internal;dur=15,atl-edge-upstream;dur=749,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="8EvWAJPFQEAp6X--o0RX5kB3eK0wF5mfafPIjPu3RUHXd854ZP_bWg==",cdn-downstream-fbl;dur=773 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3420,15 +8184,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) + - 1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - AB56kLVRIualwGKFQ2mmlRUwcANoaCeHr8wbK7SXLKvfh2Am4EnCbA== + - 8EvWAJPFQEAp6X--o0RX5kB3eK0wF5mfafPIjPu3RUHXd854ZP_bWg== X-Amz-Cf-Pop: - - SYD3-P1 + - SYD62-P3 X-Arequestid: - - cfeafbaa5f981a57342125b2ce967134 + - b62b66115cb5c0f7fdd1e12ef96a54e9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3454,31 +8218,31 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20032 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20263 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032","key":"NTEST-3052","fields":{"statuscategorychangedate":"2025-06-15T10:54:29.018+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-06-15T10:54:28.984+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:53:56.732+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_32285_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i0116n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:47.081+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263","key":"NTEST-3055","fields":{"statuscategorychangedate":"2025-06-22T12:16:38.011+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:14:53.166+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:16:58.993+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/162] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/255] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] - | Inactive, Verified, Mitigated |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Jira Api Test 2|http://localhost:8080/finding/238] | Active, Verified |\n| - High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] | - [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] - | Inactive, Verified, Mitigated |\n\n*Severity:* High\n\n *Due Date:* July - 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Sept. 
20, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira + Api Test 2|http://localhost:8080/finding/238]|Active, Verified|\n\nFindings + *not* matching the Active, Verified and Severity criteria:\n|| Severity || + CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect - Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3488,8 +8252,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/238]\n*Defect - Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3500,9 +8264,9 @@ interactions: or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect - Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* Info\n\n + *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -3513,12 +8277,12 @@ interactions: [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20032/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3055/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 574bc729-35e5-4d55-8d7c-4959f97a00d7 + - 16e2dd8a-7d70-4b92-b42e-5df0dff07f08 Atl-Traceid: - - 574bc72935e54d558d7c4959f97a00d7 + - 16e2dd8a7d704b92b42e5df0dff07f08 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3528,7 +8292,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:48 GMT + - Sun, 22 Jun 2025 10:17:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
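Review bot: The recorded GET response for the issue still stores the Jira account's `emailAddress`, `accountId` and gravatar hash under `creator` and `reporter` (context lines of the hunk at `-3513`), and the `X-Aaccountid` response header is kept in the surrounding interactions, so each re-recording commits those identifiers again. If the cassette is recorded with vcrpy, which the `interactions:` layout suggests, a `before_record_response` hook that replaces these fields with fixed placeholders would keep account data out of the fixture and should not affect request matching. The recorder configuration is not visible in this diff, so confirm whether scrubbing is already meant to run before adding it.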
@@ -3538,7 +8302,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=451,atl-edge;dur=448,atl-edge-internal;dur=16,atl-edge-upstream;dur=433,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="KjIJugDZUhzUbBO-8L1R54trmogtDrD4jG-YHKiNNTwmeOn_zcalBw==",cdn-downstream-fbl;dur=455 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=474,atl-edge;dur=468,atl-edge-internal;dur=16,atl-edge-upstream;dur=452,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="sv62Kw94UzfW3xtByRgB4JzMsU0iqUM0LqSxREjw-I5y3SxFg9u8ZQ==",cdn-downstream-fbl;dur=478 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3548,15 +8312,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bfeb1eae9544366893e37b97eee8e6e.cloudfront.net (CloudFront) + - 1.1 db987b94354bedc3a16788229c0e652c.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KjIJugDZUhzUbBO-8L1R54trmogtDrD4jG-YHKiNNTwmeOn_zcalBw== + - sv62Kw94UzfW3xtByRgB4JzMsU0iqUM0LqSxREjw-I5y3SxFg9u8ZQ== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD3-P1 X-Arequestid: - - 93fed74e2f033334f7a48ae709533eac + - 2a5754eac888d76610ca6d4b6e4ad059 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3566,76 +8330,6 @@ interactions: status: code: 200 message: OK -- request: - body: '{"transition": {"id": 11}, "fields": {}}' - headers: - Accept: - - application/json,*/*;q=0.9 - Accept-Encoding: - - gzip, deflate - Cache-Control: - - no-cache - Connection: - - keep-alive - Content-Length: - - '40' - Content-Type: - - application/json - User-Agent: - - python-requests/2.32.4 - method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3052/transitions - response: - body: - string: '' - headers: - Atl-Request-Id: - - 3e20c8cc-4d00-492d-8dfd-6b768ea576f8 - Atl-Traceid: - - 3e20c8cc4d00492d8dfd6b768ea576f8 - Cache-Control: - - no-cache, no-store, no-transform - Connection: - - keep-alive - Content-Type: - - text/html;charset=UTF-8 - Date: - - Sun, 15 Jun 2025 08:54:50 GMT - Nel: - - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": - "endpoint-1"}' - Report-To: - - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": - "endpoint-1", "include_subdomains": true, "max_age": 600}' - Server: - - AtlassianEdge - Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=886,atl-edge;dur=879,atl-edge-internal;dur=19,atl-edge-upstream;dur=860,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="9-fK1GMrMVwALzAA4wSyzOKwGY_C0r-M6zLRXSofFKyYpu0QYZfpHQ==",cdn-downstream-fbl;dur=890 - Strict-Transport-Security: - - max-age=63072000; includeSubDomains; preload - Timing-Allow-Origin: - - '*' - Vary: - - Accept-Encoding - Via: - - 1.1 43b4a9a8792e30ac49642ef84dd35fc8.cloudfront.net (CloudFront) - X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 - X-Amz-Cf-Id: - - 9-fK1GMrMVwALzAA4wSyzOKwGY_C0r-M6zLRXSofFKyYpu0QYZfpHQ== - X-Amz-Cf-Pop: - - SYD3-P1 - X-Arequestid: - - 7b18ec6fb9fca418e0487c85f9af52f7 - X-Cache: - - Miss from cloudfront - X-Content-Type-Options: - - nosniff - X-Xss-Protection: - 
- 1; mode=block - status: - code: 204 - message: No Content - request: body: null headers: @@ -3655,12 +8349,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-06-12T13:14:20.000+0200","serverTime":"2025-06-15T10:54:51.881+0200","scmInfo":"6fa229d2fa3e2d6a8c6255d341c61c2906efbf35","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100284,"buildDate":"2025-06-20T02:36:21.000+0200","serverTime":"2025-06-22T12:17:01.998+0200","scmInfo":"b3dbf37240d0d2ff039305f9c9ba62354daa9cdf","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 50e0239b-6093-4f98-a2f4-ed2f5be57b31 + - 6494c2a7-dd3d-439d-9d41-3d8a07964cfa Atl-Traceid: - - 50e0239b60934f98a2f4ed2f5be57b31 + - 6494c2a7dd3d439d9d413d8a07964cfa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3670,7 +8364,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:52 GMT + - Sun, 22 Jun 2025 10:17:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3680,7 +8374,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=330,atl-edge;dur=329,atl-edge-internal;dur=15,atl-edge-upstream;dur=314,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0Gwu7XW1j_nuAFjrFD3XPlAOOC4SUqK7Xca8hc5VYpt_Szc9Uj4oyA==",cdn-downstream-fbl;dur=339 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=332,atl-edge;dur=327,atl-edge-internal;dur=15,atl-edge-upstream;dur=312,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="5y8JDiGX3Qjfhs8seJdRRoScZ3GKpZu4xsGX3HXCpSMhcS7r6DpQrw==",cdn-downstream-fbl;dur=337 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3690,15 +8384,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 6e1c6646ddd7c3d29e8d895186891110.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0Gwu7XW1j_nuAFjrFD3XPlAOOC4SUqK7Xca8hc5VYpt_Szc9Uj4oyA== + - 5y8JDiGX3Qjfhs8seJdRRoScZ3GKpZu4xsGX3HXCpSMhcS7r6DpQrw== X-Amz-Cf-Pop: - - SYD62-P2 + - SYD3-P2 X-Arequestid: - - 5a7b5b222fd69da622cc65e3e1c5286d + - 70868be4dad3549c13e2b649af9835b8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3736,9 +8430,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - ebba9636-ca9f-445c-abcd-3c38234c3fa5 + - 4946daff-6360-45b6-84ff-bc19fb286cd1 Atl-Traceid: - - ebba9636ca9f445cabcd3c38234c3fa5 + - 4946daff636045b684ffbc19fb286cd1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3748,7 +8442,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:53 GMT + - Sun, 22 Jun 2025 10:17:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3758,7 +8452,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=574,atl-edge;dur=572,atl-edge-internal;dur=17,atl-edge-upstream;dur=554,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="_zrbLCo9ByAcFzzdyT1sLs9QJ9dXB6YLNICnKL7DGT8P9LOs8LQr_A==",cdn-downstream-fbl;dur=578 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=551,atl-edge;dur=549,atl-edge-internal;dur=19,atl-edge-upstream;dur=530,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="q4xo1PgB0lyPvca79mZuXIu4QD8CUsjiDr49VuYGz3DO_T71YYS5hw==",cdn-downstream-fbl;dur=555 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3768,18 +8462,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 26131a3cde08b60652129237128292a2.cloudfront.net (CloudFront) + - 1.1 9fe9a459a2b2b8935dc7f533182681dc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _zrbLCo9ByAcFzzdyT1sLs9QJ9dXB6YLNICnKL7DGT8P9LOs8LQr_A== + - q4xo1PgB0lyPvca79mZuXIu4QD8CUsjiDr49VuYGz3DO_T71YYS5hw== X-Amz-Cf-Pop: - SYD3-P2 X-Arequestid: - - b9babe0235ff39eaa623f6864d3037de + - 25c499b77e65a7cc1fb987ccb1ca4f41 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3793,32 +8487,33 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/163] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/256] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, - Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | 
[400|https://cwe.mitre.org/data/definitions/400.html] | pg | 0.5.3 | [Jira - Api Test 3|http://localhost:8080/finding/239] | Active, Verified |\n| High | - [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= - 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 - < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < - 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira + Api Test 3|http://localhost:8080/finding/239]|Active, Verified|\n\nFindings + *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE + || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect - Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -3841,26 +8536,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect - Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or - later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 - (234)\n*Severity:* High\n *Due Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect Dojo link:* http://localhost:8080/finding/236 + (236)\n*Severity:* Medium\n *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -3883,7 +8567,18 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect + Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* Medium\n *Due + Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -3895,7 +8590,7 @@ interactions: Connection: - keep-alive Content-Length: - - '8038' + - '8221' Content-Type: - application/json User-Agent: 
@@ -3904,12 +8599,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"20034","key":"NTEST-3054","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034"}' + string: '{"id":"20265","key":"NTEST-3057","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20265"}' headers: Atl-Request-Id: - - 3bfe994c-6c40-4122-af38-c8cf3c9ac7d7 + - a6064efb-3679-4972-8b1a-48e697c79229 Atl-Traceid: - - 3bfe994c6c404122af38c8cf3c9ac7d7 + - a6064efb367949728b1a48e697c79229 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3917,7 +8612,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:55 GMT + - Sun, 22 Jun 2025 10:17:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3927,7 +8622,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=968,atl-edge;dur=965,atl-edge-internal;dur=16,atl-edge-upstream;dur=949,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="x_UD9EwKoCia2PPqxAZjrHQrR_y14dY4ZoQklg5UHHkYBkZhZbHBfA==",cdn-downstream-fbl;dur=973 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=1040,atl-edge;dur=1038,atl-edge-internal;dur=18,atl-edge-upstream;dur=1019,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="q-yj95aSEWlNfI1ZkoxZOrXECW4QhRMojs87PS0AfcoZ-u2R2g-5OA==",cdn-downstream-fbl;dur=1046 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3937,15 +8632,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 482a1ea4dd283bc043aa76fee74514f6.cloudfront.net (CloudFront) + - 1.1 053b1a4cfd9215b4abb8a58ea35b06aa.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - x_UD9EwKoCia2PPqxAZjrHQrR_y14dY4ZoQklg5UHHkYBkZhZbHBfA== + - q-yj95aSEWlNfI1ZkoxZOrXECW4QhRMojs87PS0AfcoZ-u2R2g-5OA== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD3-P1 X-Arequestid: - - 920a7598a5648ff39ced4ec8fbbff626 + - 487f2a4451c162477dbc895cccd0c2c4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3971,41 +8666,42 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3057 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20034","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034","key":"NTEST-3054","fields":{"statuscategorychangedate":"2025-06-15T10:54:55.221+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20265","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20265","key":"NTEST-3057","fields":{"statuscategorychangedate":"2025-06-22T12:17:05.353+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:54.900+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01173:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:55.021+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3057/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:17:05.010+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011fb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:17:05.130+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/163] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/256] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, - Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | pg | 0.5.3 | [Jira - Api Test 3|http://localhost:8080/finding/239] | Active, Verified |\n| High - | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 
5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira + Api Test 3|http://localhost:8080/finding/239]|Active, Verified|\n\nFindings + *not* matching the Active, Verified and Severity criteria:\n|| Severity || + CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect - Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` 
contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4028,27 +8724,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect - Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* - http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due Date:* July - 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4071,16 +8756,27 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect + Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3057/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20265/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8ab96ee9-f06d-4d99-9759-cd553088ef4a + - a34e23d1-5c25-46ce-82f7-2181992a6de0 Atl-Traceid: - - 8ab96ee9f06d4d999759cd553088ef4a + - a34e23d15c2546ce82f72181992a6de0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4090,7 +8786,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:56 GMT + - Sun, 22 Jun 2025 10:17:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4100,7 +8796,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=504,atl-edge-internal;dur=16,atl-edge-upstream;dur=488,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="jfQU4tsfsFKyODH8FhuCi-sz9qRIW-d7-ZXplfW_HUwlJazv-9zaew==",cdn-downstream-fbl;dur=512 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=459,atl-edge;dur=457,atl-edge-internal;dur=16,atl-edge-upstream;dur=440,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="MSzxbpnAd25tx1s2ko8bbyQpB1eD2CnmKiBcStt6E_7D_NgDVET7XA==",cdn-downstream-fbl;dur=463 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4110,15 +8806,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8dadf490fcfee4214b49a3509dc76616.cloudfront.net (CloudFront) + - 1.1 e575582c24a1bc95cd06311c3837a63a.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jfQU4tsfsFKyODH8FhuCi-sz9qRIW-d7-ZXplfW_HUwlJazv-9zaew== + - MSzxbpnAd25tx1s2ko8bbyQpB1eD2CnmKiBcStt6E_7D_NgDVET7XA== X-Amz-Cf-Pop: - - SYD62-P3 + - SYD62-P1 X-Arequestid: - - 242f0a0e765e584c2ab444e098e87973 + - 028e71e3db39098bc561baad97c52122 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4144,41 +8840,42 @@ interactions: User-Agent: - python-requests/2.32.4 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/20034 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/20265 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20034","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034","key":"NTEST-3054","fields":{"statuscategorychangedate":"2025-06-15T10:54:55.221+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"20265","self":"https://defectdojo.atlassian.net/rest/api/2/issue/20265","key":"NTEST-3057","fields":{"statuscategorychangedate":"2025-06-22T12:17:05.353+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-15T10:54:54.900+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i01173:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-15T10:54:55.021+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3057/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-06-22T12:17:05.010+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i011fb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-06-22T12:17:05.130+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/163] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/256] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/90]\n\nh2. Summary\n*Severity:* + High *Due Date:* July 22, 2025 \n\nFindings matching the Active, Verified + and Severity criteria:\n|| Severity || CVE || CWE || Component || Version + || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, - Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | pg | 0.5.3 | [Jira - Api Test 3|http://localhost:8080/finding/239] | Active, Verified |\n| High - | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 
5.1.0 | [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira + Api Test 3|http://localhost:8080/finding/239]|Active, Verified|\n\nFindings + *not* matching the Active, Verified and Severity criteria:\n|| Severity || + CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* July 15, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect - Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* July 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` 
contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4201,27 +8898,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect - Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* High\n *Due - Date:* July 15, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* - http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due Date:* July - 15, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4244,16 +8930,27 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/239]\n*Defect + Dojo link:* http://localhost:8080/finding/239 (239)\n*Severity:* Medium\n + *Due Date:* Sept. 20, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3054/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20034/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3057/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/20265/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 4ad56585-ac0b-4a12-b3b0-960cb66c5d50 + - b1f5f6ee-1582-4199-bd67-60411994fc7d Atl-Traceid: - - 4ad56585ac0b4a12b3b0960cb66c5d50 + - b1f5f6ee15824199bd6760411994fc7d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4263,7 +8960,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Sun, 15 Jun 2025 08:54:58 GMT + - Sun, 22 Jun 2025 10:17:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4273,7 +8970,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=433,atl-edge;dur=427,atl-edge-internal;dur=16,atl-edge-upstream;dur=411,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="UlYHuwNqPW4NejUURPK2dwnz7qUrSAcxrVJACOk1x_0hbIfe_oaOJA==",cdn-downstream-fbl;dur=438 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=433,atl-edge;dur=427,atl-edge-internal;dur=18,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="Mk_UhtzQTbfjfSV-pjFKJKfNvvwLD75pAIfrUgPAIXkrprCScfYowQ==",cdn-downstream-fbl;dur=439 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4283,15 +8980,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 900141041f08038f9452e4f1a092ecd2.cloudfront.net (CloudFront) X-Aaccountid: - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - UlYHuwNqPW4NejUURPK2dwnz7qUrSAcxrVJACOk1x_0hbIfe_oaOJA== + - Mk_UhtzQTbfjfSV-pjFKJKfNvvwLD75pAIfrUgPAIXkrprCScfYowQ== X-Amz-Cf-Pop: - - SYD62-P1 + - SYD3-P1 X-Arequestid: - - 3f88a36c7a7d25c445c46656cb554120 + - 787dafba4f412a4a605dbdd807ce3252 X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml new file mode 100644 index 00000000000..3d1522b9a90 --- /dev/null 
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml 
@@ -0,0 +1,1801 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:09.386+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - fb44406a-d0e3-4ea6-9fc0-cba9b92e0817 + Atl-Traceid: + - fb44406ad0e34ea69fc0cba9b92e0817 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:09 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="baJr9s8bAoplf1ejgTlbj5qd3CvRfuMT0Y2aOS9V9JYjXRlkvb2zUQ==",cdn-downstream-fbl;dur=146,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=143,atl-edge;dur=114,atl-edge-internal;dur=18,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - baJr9s8bAoplf1ejgTlbj5qd3CvRfuMT0Y2aOS9V9JYjXRlkvb2zUQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 84c0c2c923115e77d41ce859a929667a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 997d00b8-6752-4ea6-8251-e04abe273f5f + Atl-Traceid: + - 997d00b867524ea68251e04abe273f5f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:09 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=248,atl-edge-internal;dur=14,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7GESAzAlu7Q8teO82lo674HomyeVlkYWPNFiqnc-XbEVvh3kWBJQhA==",cdn-downstream-fbl;dur=260 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 7GESAzAlu7Q8teO82lo674HomyeVlkYWPNFiqnc-XbEVvh3kWBJQhA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - a57d0977df97cc0c4124aa82883b195b + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/910] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/255]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/254]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/255]\n*Defect Dojo link:* http://localhost:8080/finding/255 + (255)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/254]\n*Defect + Dojo link:* http://localhost:8080/finding/254 (254)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3510' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19644","key":"NTEST-2972","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19644"}' + headers: + Atl-Request-Id: + - 7c1aa047-fbe8-4127-9d68-a149017c706b + Atl-Traceid: + - 7c1aa047fbe841279d68a149017c706b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:10 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=786,atl-edge;dur=778,atl-edge-internal;dur=17,atl-edge-upstream;dur=761,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mUR41BrMcWeBL0YXDwrHMmLoUWaH-boFem0kmwZpRIVUI4-HWR2DrA==",cdn-downstream-fbl;dur=790 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - mUR41BrMcWeBL0YXDwrHMmLoUWaH-boFem0kmwZpRIVUI4-HWR2DrA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - ab8c7f54dfa109404e0f2a4760311ab9 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2972 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19644","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19644","key":"NTEST-2972","fields":{"statuscategorychangedate":"2025-05-24T12:32:10.539+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2972/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:10.191+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010bj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:10.289+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/910] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/255]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/254]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/255]\n*Defect Dojo link:* http://localhost:8080/finding/255 + (255)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/254]\n*Defect + Dojo link:* http://localhost:8080/finding/254 (254)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2972/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19644/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 1eff93e0-e879-47d6-ba0a-04646fe9bbe6 + Atl-Traceid: + - 1eff93e0e87947d6ba0a04646fe9bbe6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:10 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=231,atl-edge-internal;dur=19,atl-edge-upstream;dur=212,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="nm64oSlUzNuT81yyZAs2E3yh50j3tKUqm5RnKZ_k7MhiL1QiBZVeYA==",cdn-downstream-fbl;dur=243 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - nm64oSlUzNuT81yyZAs2E3yh50j3tKUqm5RnKZ_k7MhiL1QiBZVeYA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 73d1c4684021dd60b2ff27b552771fe1 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19644 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19644","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19644","key":"NTEST-2972","fields":{"statuscategorychangedate":"2025-05-24T12:32:10.539+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2972/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:10.191+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010bj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:10.289+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/910] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/255]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/254]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/255]\n*Defect Dojo link:* http://localhost:8080/finding/255 + (255)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/254]\n*Defect + Dojo link:* http://localhost:8080/finding/254 (254)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2972/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19644/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - e910fdc9-6557-41be-b536-caed519b17fd + Atl-Traceid: + - e910fdc9655741beb536caed519b17fd + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:11 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=240,atl-edge-internal;dur=18,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7DiCd9uoyJrzdlax5dI5S4jsR-hT8HJTDsm_Kr4SeK2EWZJLQufazA==",cdn-downstream-fbl;dur=252 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 7DiCd9uoyJrzdlax5dI5S4jsR-hT8HJTDsm_Kr4SeK2EWZJLQufazA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 387be0c3b4d871036ba3a99fb7efc925 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:12.625+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 67ef75b1-b926-4b08-9e1d-a30fa1ce4320 + Atl-Traceid: + - 67ef75b1b9264b089e1da30fa1ce4320 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:12 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=122,atl-edge;dur=114,atl-edge-internal;dur=17,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="VyFWnGsBBj8IidO66mAypsmHIkRmE0ByHYYdQ1MK0X2u5aF_ns0FUA==",cdn-downstream-fbl;dur=126 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - VyFWnGsBBj8IidO66mAypsmHIkRmE0ByHYYdQ1MK0X2u5aF_ns0FUA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 739be0e4311c56f7126cd82a39bec736 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 20098909-b449-477b-9803-d8dfd5bd09d7 + Atl-Traceid: + - 20098909b449477b9803d8dfd5bd09d7 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:12 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=268,atl-edge;dur=260,atl-edge-internal;dur=16,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Z5L9OLB1EDctRk3UWVSs6RssVZ63cHjR3bvLph0D2TRRvTqKWDyQ4w==",cdn-downstream-fbl;dur=272 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Z5L9OLB1EDctRk3UWVSs6RssVZ63cHjR3bvLph0D2TRRvTqKWDyQ4w== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3536d5ae8361f840f5e6d45440fcbac9 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/911] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/256]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/256]\n*Defect + Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. 
\n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* http://localhost:8080/finding/258 + (258)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: 
Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '6980' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19645","key":"NTEST-2973","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19645"}' + headers: + Atl-Request-Id: + - 13262e44-6a20-41e8-ba99-8b2cf22cc021 + Atl-Traceid: + - 13262e446a2041e8ba998b2cf22cc021 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:13 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=748,atl-edge;dur=719,atl-edge-internal;dur=18,atl-edge-upstream;dur=701,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="l6HlZP3oyDijjFSXID9rTQmrKAoLhKH5oN_AB0cKEvMdVjutJz0dow==",cdn-downstream-fbl;dur=752 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - l6HlZP3oyDijjFSXID9rTQmrKAoLhKH5oN_AB0cKEvMdVjutJz0dow== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 23cb0041374d9feacbee97b0f8fa8669 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2973 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19645","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19645","key":"NTEST-2973","fields":{"statuscategorychangedate":"2025-05-24T12:32:13.792+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2973/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:13.415+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010br:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:13.496+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/911] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/256]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/256]\n*Defect + Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect + Dojo link:* http://localhost:8080/finding/258 (258)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2973/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19645/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
0e0742b1-0948-49c8-a983-2cbe688a2a9d + Atl-Traceid: + - 0e0742b1094849c8a9832cbe688a2a9d + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=227,atl-edge;dur=220,atl-edge-internal;dur=17,atl-edge-upstream;dur=203,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hDjQreY7ZyY80ADWFAfUJO3Zc_2mr2rm-EJ3erdAMg99lGDQ3JypSg==",cdn-downstream-fbl;dur=231 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - hDjQreY7ZyY80ADWFAfUJO3Zc_2mr2rm-EJ3erdAMg99lGDQ3JypSg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3689b50e43bf1e5505f3b3a1a488f0ba + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19645 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19645","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19645","key":"NTEST-2973","fields":{"statuscategorychangedate":"2025-05-24T12:32:13.792+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2973/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:13.415+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010br:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:13.496+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/911] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/256]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/256]\n*Defect + Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect + Dojo link:* http://localhost:8080/finding/258 (258)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2973/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19645/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
b0867c72-a158-46e8-96b1-ff02168d354a + Atl-Traceid: + - b0867c72a15846e896b1ff02168d354a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_yuTGv1mhwLkUnMkspW59DsOg6PEb8gtsiSFkHsmRl3dSXkKYQ3Ypw==",cdn-downstream-fbl;dur=255,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=253,atl-edge;dur=226,atl-edge-internal;dur=16,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - _yuTGv1mhwLkUnMkspW59DsOg6PEb8gtsiSFkHsmRl3dSXkKYQ3Ypw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 26396804b96f6a38ea5afbf853eeaca2 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:14.723+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 5c55391e-f055-4d56-b8a2-68354795e44f + Atl-Traceid: + - 5c55391ef0554d56b8a268354795e44f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="KcV2HdwmN3qEDmIloB1Fml7M4p6pOU-Og4ZLFTLjW3weIFouZadPRw==",cdn-downstream-fbl;dur=146,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=144,atl-edge;dur=116,atl-edge-internal;dur=14,atl-edge-upstream;dur=102,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - KcV2HdwmN3qEDmIloB1Fml7M4p6pOU-Og4ZLFTLjW3weIFouZadPRw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 
78ef9f77e838b6c278e0ddf9522cf3cf + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - a7a07887-dfd2-4d0d-868a-7e0d37530484 + Atl-Traceid: + - a7a07887dfd24d0d868a7e0d37530484 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:15 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=274,atl-edge;dur=267,atl-edge-internal;dur=15,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TSkDZdDb0wlVNEUD-eBwNnnHQR4jCh_XDjnyCiZ2m3WKQ-Amexz-yg==",cdn-downstream-fbl;dur=278 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - TSkDZdDb0wlVNEUD-eBwNnnHQR4jCh_XDjnyCiZ2m3WKQ-Amexz-yg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 8c191b0518c6e978871a6b5db9f0bc58 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/912] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/257]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/257]\n*Defect + Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2138' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: 
'{"id":"19646","key":"NTEST-2974","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19646"}' + headers: + Atl-Request-Id: + - 4ebe695a-1cde-47c6-a518-9198a107a0a5 + Atl-Traceid: + - 4ebe695a1cde47c6a5189198a107a0a5 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:15 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OeiGw4_t9xYqL8O5eZLtQCYblPM4JgLr8KaBHpRZB9Z6N1zPZoaYEg==",cdn-downstream-fbl;dur=705,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=703,atl-edge;dur=675,atl-edge-internal;dur=16,atl-edge-upstream;dur=659,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - OeiGw4_t9xYqL8O5eZLtQCYblPM4JgLr8KaBHpRZB9Z6N1zPZoaYEg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 795fba54d4840b5c81ff5e1d3e940ac3 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2974 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19646","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19646","key":"NTEST-2974","fields":{"statuscategorychangedate":"2025-05-24T12:32:15.846+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2974/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:15.544+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010bz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:15.619+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/912] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/257]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/257]\n*Defect + Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2974/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19646/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 4dbbff33-57b6-4d75-93ac-c42eca1ebe2a + Atl-Traceid: + - 4dbbff3357b64d7593acc42eca1ebe2a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:16 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=255,atl-edge-internal;dur=15,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="whWfrd1Yvy8WF4x8ijPVA7kMd8KdhUq2WNVfrBHYdFD0ZI2_viK2gw==",cdn-downstream-fbl;dur=266 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - whWfrd1Yvy8WF4x8ijPVA7kMd8KdhUq2WNVfrBHYdFD0ZI2_viK2gw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d07d28bfc39f80f55f5046a8c5d20046 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19646 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19646","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19646","key":"NTEST-2974","fields":{"statuscategorychangedate":"2025-05-24T12:32:15.846+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2974/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:15.544+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010bz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:15.619+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/912] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/96]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/257]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/257]\n*Defect + Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2974/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19646/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 9c2d6e2f-8b59-4dac-b3fa-c4614da30cb1 + Atl-Traceid: + - 9c2d6e2f8b594dacb3fac4614da30cb1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:16 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=213,atl-edge;dur=205,atl-edge-internal;dur=16,atl-edge-upstream;dur=190,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Lp_4eI2z9e0zTrw6YFroB49SXOxJ_dyMdWIppEZxSgYQgu986VzzcQ==",cdn-downstream-fbl;dur=217 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Lp_4eI2z9e0zTrw6YFroB49SXOxJ_dyMdWIppEZxSgYQgu986VzzcQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 01038d0d437237a34244c600695a8610 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 96, "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '844' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n 
\"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:53078\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/96/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 96, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/96/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security 
How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 96,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n + \ \"url_ui\": \"http://localhost:8080/test/96\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n \"url_ui\": + \"http://localhost:8080/test/96\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 96, "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/"}, + "finding_count": 5, "findings": {"new": [{"id": 255, "title": "2222Regular Expression + Denial of Service - 
(Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/255", + "url_api": "http://localhost:8080/api/v2/findings/255/"}, {"id": 256, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/256", "url_api": + "http://localhost:8080/api/v2/findings/256/"}, {"id": 254, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/254", "url_api": "http://localhost:8080/api/v2/findings/254/"}, + {"id": 257, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/257", "url_api": + "http://localhost:8080/api/v2/findings/257/"}, {"id": 258, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/258", "url_api": + "http://localhost:8080/api/v2/findings/258/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2373' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n 
\"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:53094\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/96/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 96, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/96/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 255, \\\"title\\\": \\\"2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/255\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/255/\\\"}, {\\\"id\\\": 256, 
\\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= + 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/256\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/256/\\\"}, + {\\\"id\\\": 254, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/254\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/254/\\\"}, + {\\\"id\\\": 257, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/257\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/257/\\\"}, + {\\\"id\\\": 258, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/258\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/258/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 255,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of 
Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/255/\",\n \"url_ui\": \"http://localhost:8080/finding/255\"\n + \ },\n {\n \"id\": 256,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/256/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/256\"\n },\n + \ {\n \"id\": 254,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/254/\",\n \"url_ui\": \"http://localhost:8080/finding/254\"\n + \ },\n {\n \"id\": 257,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/257/\",\n \"url_ui\": + \"http://localhost:8080/finding/257\"\n },\n {\n \"id\": + 258,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/258/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/258\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n 
\"id\": + 96,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n + \ \"url_ui\": \"http://localhost:8080/test/96\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n + \ \"url_ui\": \"http://localhost:8080/test/96\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +version: 1 diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml new file mode 100644 index 00000000000..1200cb5bbd7 --- /dev/null +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml 
@@ -0,0 +1,2038 @@ +interactions: +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 97, "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '844' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:60534\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": 
\"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/97/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 97, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/97/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 97,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n + \ \"url_ui\": \"http://localhost:8080/test/97\"\n },\n \"title\": + \"Test created for 
Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n \"url_ui\": + \"http://localhost:8080/test/97\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 97, "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/"}, + "finding_count": 5, "findings": {"new": [{"id": 260, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/260", + "url_api": "http://localhost:8080/api/v2/findings/260/"}, {"id": 261, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/261", "url_api": + 
"http://localhost:8080/api/v2/findings/261/"}, {"id": 259, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/259", "url_api": "http://localhost:8080/api/v2/findings/259/"}, + {"id": 262, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/262", "url_api": + "http://localhost:8080/api/v2/findings/262/"}, {"id": 263, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/263", "url_api": + "http://localhost:8080/api/v2/findings/263/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2373' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:60546\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n 
\"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/97/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 97, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/97/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 260, \\\"title\\\": \\\"2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/260\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/260/\\\"}, {\\\"id\\\": 261, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= + 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/261\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/261/\\\"}, + {\\\"id\\\": 259, \\\"title\\\": \\\"Regular Expression Denial of Service 
+ - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/259\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/259/\\\"}, + {\\\"id\\\": 262, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/262\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/262/\\\"}, + {\\\"id\\\": 263, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/263\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/263/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 260,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/260/\",\n \"url_ui\": \"http://localhost:8080/finding/260\"\n + \ },\n {\n \"id\": 261,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/261/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/261\"\n },\n + \ {\n \"id\": 259,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/259/\",\n \"url_ui\": \"http://localhost:8080/finding/259\"\n + \ },\n {\n \"id\": 262,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/262/\",\n \"url_ui\": + \"http://localhost:8080/finding/262\"\n },\n {\n \"id\": + 263,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/263/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/263\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 97,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n + \ \"url_ui\": \"http://localhost:8080/test/97\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n + \ \"url_ui\": \"http://localhost:8080/test/97\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + 
- '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:14 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:17.359+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 9ab5c573-975f-4d37-954f-53d316a12d47 + Atl-Traceid: + - 9ab5c573975f4d37954f53d316a12d47 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:17 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=133,atl-edge;dur=125,atl-edge-internal;dur=16,atl-edge-upstream;dur=109,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="c8WYweSsbQzRy4wUf0Kj5uqfySBNfHFbO8BUHoB6nWCGTwxwu1yo6A==",cdn-downstream-fbl;dur=137 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - c8WYweSsbQzRy4wUf0Kj5uqfySBNfHFbO8BUHoB6nWCGTwxwu1yo6A== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 758b96d090f2139ab69498d42db9edcb + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 6483e4cd-29ed-4216-aefc-293ec284780e + Atl-Traceid: + - 6483e4cd29ed4216aefc293ec284780e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:17 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=297,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="erMYQFsZR4AcZ7t0Dyc4aqspmwqiklovn5u4cfZ-BviSZlaFrIitIg==",cdn-downstream-fbl;dur=302 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - erMYQFsZR4AcZ7t0Dyc4aqspmwqiklovn5u4cfZ-BviSZlaFrIitIg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 823f3eba92da5ac90194b60039c25703 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/916] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/265]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/264]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title - + (Negotiator, <= 0.6.0)|http://localhost:8080/finding/265]\n*Defect Dojo link:* + http://localhost:8080/finding/265 (265)\n*Severity:* High\n *Due Date:* June + 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/264]\n*Defect + Dojo link:* http://localhost:8080/finding/264 (264)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3574' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19647","key":"NTEST-2975","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19647"}' + headers: + Atl-Request-Id: + - b927ee4d-9d57-466e-a2b3-da165c0787d6 + Atl-Traceid: + - b927ee4d9d57466ea2b3da165c0787d6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:18 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + 
"endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=725,atl-edge-internal;dur=14,atl-edge-upstream;dur=710,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Gp14Nj8_b23-D2epn4-Gz1W_TRvKfz56sOiPVUURXXWT46wULuFttg==",cdn-downstream-fbl;dur=736 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Gp14Nj8_b23-D2epn4-Gz1W_TRvKfz56sOiPVUURXXWT46wULuFttg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3f5eb1088f52349da83d6ca42336ee6c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2975 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19647","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19647","key":"NTEST-2975","fields":{"statuscategorychangedate":"2025-05-24T12:32:18.528+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2975/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:18.171+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010c7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:18.268+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/916] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/265]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/264]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title + - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/265]\n*Defect Dojo + link:* http://localhost:8080/finding/265 (265)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/264]\n*Defect + Dojo link:* http://localhost:8080/finding/264 (264)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2975/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19647/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 300cf929-d919-4f4b-b3f9-d7fdfa16ddaa + Atl-Traceid: + - 300cf929d9194f4bb3f9d7fdfa16ddaa + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:18 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vKXPvdK5qMk7PJ-ArXtak2Az7f-HiS78ARw29QuhnEaNTbD5SN7VVg==",cdn-downstream-fbl;dur=240,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=238,atl-edge;dur=210,atl-edge-internal;dur=17,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - vKXPvdK5qMk7PJ-ArXtak2Az7f-HiS78ARw29QuhnEaNTbD5SN7VVg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - b4a2bf80017bb59249558a565ad1a6fb + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19647 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19647","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19647","key":"NTEST-2975","fields":{"statuscategorychangedate":"2025-05-24T12:32:18.528+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2975/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:18.171+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010c7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:18.268+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/916] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/265]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/264]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title + - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/265]\n*Defect Dojo + link:* http://localhost:8080/finding/265 (265)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/264]\n*Defect + Dojo link:* http://localhost:8080/finding/264 (264)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2975/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19647/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 6e42d5b5-eda7-446e-90d1-81ba3f4100c9 + Atl-Traceid: + - 6e42d5b5eda7446e90d181ba3f4100c9 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:19 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=292,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CmZMFroscjevUSmBKKp8Hs7YQWmVYobFHp6oV19TPaElNMzAKDMGig==",cdn-downstream-fbl;dur=296 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - CmZMFroscjevUSmBKKp8Hs7YQWmVYobFHp6oV19TPaElNMzAKDMGig== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 8a76fb80bdeaab9e8a11004b3344416c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:19.527+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 80888ad8-f6cc-471b-b8ee-aa519cbcec30 + Atl-Traceid: + - 80888ad8f6cc471bb8eeaa519cbcec30 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:19 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=138,atl-edge;dur=131,atl-edge-internal;dur=13,atl-edge-upstream;dur=117,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0R5rKXCpQilY7fQVITglkoliSJ_-exdi3bm2U_lZhqMw0NK9rCtXjQ==",cdn-downstream-fbl;dur=143 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 0R5rKXCpQilY7fQVITglkoliSJ_-exdi3bm2U_lZhqMw0NK9rCtXjQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 98739505a16a6e0f9f6c5b29704ac2da + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - b9e3ff1c-608c-448e-ba52-496bf2e07538 + Atl-Traceid: + - b9e3ff1c608c448eba52496bf2e07538 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:19 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=273,atl-edge-internal;dur=18,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="16x5mxEkizGY9L2mS3ggXwD8Qnjiz-7EHSIDwZ4e-KY7esc_L-DcrQ==",cdn-downstream-fbl;dur=284 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 16x5mxEkizGY9L2mS3ggXwD8Qnjiz-7EHSIDwZ4e-KY7esc_L-DcrQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 803a1f4aebda79b48ddf060c13fa57cc + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/917] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/266]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/268]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/266]\n*Defect + Dojo link:* http://localhost:8080/finding/266 (266)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* 
Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution Different + Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/268]\n*Defect Dojo + link:* http://localhost:8080/finding/268 (268)\n*Severity:* Medium\n *Due Date:* + Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7044' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19648","key":"NTEST-2976","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19648"}' + headers: + Atl-Request-Id: + - e0d53b56-7232-41f1-826e-319d802fb41f + Atl-Traceid: + - e0d53b56723241f1826e319d802fb41f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:20 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=714,atl-edge;dur=707,atl-edge-internal;dur=17,atl-edge-upstream;dur=690,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="w_8zOADxGccgpKC6Gxc05iknz-muFTektQQOKiGvJ4g5Er23cZTfPQ==",cdn-downstream-fbl;dur=718 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - w_8zOADxGccgpKC6Gxc05iknz-muFTektQQOKiGvJ4g5Er23cZTfPQ== + 
X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 55e2091a5fa22bf695f49aae92c3a3b8 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2976 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19648","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19648","key":"NTEST-2976","fields":{"statuscategorychangedate":"2025-05-24T12:32:20.622+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2976/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:20.277+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010cf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:20.372+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/917] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/266]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/268]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/266]\n*Defect + Dojo link:* http://localhost:8080/finding/266 (266)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + 
Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/268]\n*Defect + Dojo link:* http://localhost:8080/finding/268 (268)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. 
The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2976/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19648/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
a5ba140e-f658-448c-a034-aa0bc3d9ffeb + Atl-Traceid: + - a5ba140ef658448ca034aa0bc3d9ffeb + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:21 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="aAHDVo82o1kGQY8jbn2t34gVZ97Url8fg2xK0b9qDQ6nnXl26N916g==",cdn-downstream-fbl;dur=281,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=278,atl-edge;dur=247,atl-edge-internal;dur=18,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - aAHDVo82o1kGQY8jbn2t34gVZ97Url8fg2xK0b9qDQ6nnXl26N916g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 411ed0ba3afdaeecc952e18c163e25bb + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19648 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19648","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19648","key":"NTEST-2976","fields":{"statuscategorychangedate":"2025-05-24T12:32:20.622+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2976/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:20.277+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010cf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:20.372+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/917] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/266]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/268]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/266]\n*Defect + Dojo link:* http://localhost:8080/finding/266 (266)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + 
Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/268]\n*Defect + Dojo link:* http://localhost:8080/finding/268 (268)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. 
The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2976/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19648/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
24215454-a6d4-4c40-bae9-36b000fe1e5f + Atl-Traceid: + - 24215454a6d44c40bae936b000fe1e5f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:21 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=251,atl-edge-internal;dur=17,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Eug4ATX8fJGr4xcRJUCfBxrjGlQ_qqKdToDL2Uvsm1TTUusX_-As0g==",cdn-downstream-fbl;dur=262 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Eug4ATX8fJGr4xcRJUCfBxrjGlQ_qqKdToDL2Uvsm1TTUusX_-As0g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - ade0f0abc29e49c61898e682d8a6b7cd + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:21.615+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 5d4ad33a-3a4a-485a-b1f3-a434bcc0957c + Atl-Traceid: + - 5d4ad33a3a4a485ab1f3a434bcc0957c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:21 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="BnEFuZB6EbN5dqz3_pwrP136ZkP9Ynf9R4cYwU0DIVOVnw2YwNXQyQ==",cdn-downstream-fbl;dur=118,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=107,atl-edge-internal;dur=16,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - BnEFuZB6EbN5dqz3_pwrP136ZkP9Ynf9R4cYwU0DIVOVnw2YwNXQyQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 
674e802d6e56850072d869ac1e776de3 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 9ccda4f7-6c60-400c-ac75-b284bd3dead8 + Atl-Traceid: + - 9ccda4f76c60400cac75b284bd3dead8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:22 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=302,atl-edge-internal;dur=15,atl-edge-upstream;dur=288,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZsDmYwhc6M4VtM66Z8yrf5l56N3aYLdKgxcOqovuJnJPO3ymOmu4dA==",cdn-downstream-fbl;dur=314 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - ZsDmYwhc6M4VtM66Z8yrf5l56N3aYLdKgxcOqovuJnJPO3ymOmu4dA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 2300ca89159bcc94d67cf70240714cf6 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/918] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/267]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/267]\n*Defect Dojo link:* http://localhost:8080/finding/267 + (267)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2170' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue 
+ response: + body: + string: '{"id":"19649","key":"NTEST-2977","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19649"}' + headers: + Atl-Request-Id: + - 82fd5d96-1550-4b4b-bcca-5561462b609e + Atl-Traceid: + - 82fd5d9615504b4bbcca5561462b609e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:22 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="yiE5sBQhu8gNC4k9C0HYrqnPBErTSUKNC53mW_8K9T7YtcgLDVrlfg==",cdn-downstream-fbl;dur=834,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=831,atl-edge;dur=801,atl-edge-internal;dur=17,atl-edge-upstream;dur=785,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - yiE5sBQhu8gNC4k9C0HYrqnPBErTSUKNC53mW_8K9T7YtcgLDVrlfg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - f4abb2a7d976ce427f4c54d7394f67fc + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2977 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19649","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19649","key":"NTEST-2977","fields":{"statuscategorychangedate":"2025-05-24T12:32:22.856+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2977/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:22.517+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010cn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:22.606+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/918] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/267]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/267]\n*Defect Dojo link:* http://localhost:8080/finding/267 + (267)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2977/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19649/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
a1ca5003-1586-4844-b14b-c042144c811e + Atl-Traceid: + - a1ca500315864844b14bc042144c811e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:23 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Yq91qlsgrVE0DhRMfU5a6gN7r0eLdKY0hws-FIerSohEVkZWT4R1Zw==",cdn-downstream-fbl;dur=334,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=332,atl-edge;dur=303,atl-edge-internal;dur=17,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Yq91qlsgrVE0DhRMfU5a6gN7r0eLdKY0hws-FIerSohEVkZWT4R1Zw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 44a9e53b4374853bdf71d62ab9ef1915 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19649 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19649","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19649","key":"NTEST-2977","fields":{"statuscategorychangedate":"2025-05-24T12:32:22.856+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2977/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:22.517+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010cn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:22.606+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/918] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/98]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/267]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/267]\n*Defect Dojo link:* http://localhost:8080/finding/267 + (267)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2977/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19649/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
ff88c869-5b11-4736-9ea1-914355fbc82c + Atl-Traceid: + - ff88c8695b1147369ea1914355fbc82c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:23 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=227,atl-edge-internal;dur=19,atl-edge-upstream;dur=209,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="BUOJHyhf6_sX9iRCpsvKB1W6jo0XMEaebxRytCvh4OR4rGvhe2xWzA==",cdn-downstream-fbl;dur=239 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - BUOJHyhf6_sX9iRCpsvKB1W6jo0XMEaebxRytCvh4OR4rGvhe2xWzA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 68bf2c5ea23f1fe32f01a38b69aeb748 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": 
"http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 98, "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '844' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:60556\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/98/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
\\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 98, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/98/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 98,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n + \ \"url_ui\": \"http://localhost:8080/test/98\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n \"url_ui\": + \"http://localhost:8080/test/98\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:23 GMT + 
Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 98, "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/"}, + "finding_count": 5, "findings": {"new": [{"id": 265, "title": "2222Regular Expression + Denial of Service Different Title - (Negotiator, <= 0.6.0)", "severity": "High", + "url_ui": "http://localhost:8080/finding/265", "url_api": "http://localhost:8080/api/v2/findings/265/"}, + {"id": 266, "title": "Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/266", + "url_api": "http://localhost:8080/api/v2/findings/266/"}, {"id": 264, "title": + "Regular Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/264", "url_api": + "http://localhost:8080/api/v2/findings/264/"}, {"id": 267, "title": "Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)", 
"severity": + "Medium", "url_ui": "http://localhost:8080/finding/267", "url_api": "http://localhost:8080/api/v2/findings/267/"}, + {"id": 268, "title": "2222Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "Medium", "url_ui": "http://localhost:8080/finding/268", + "url_api": "http://localhost:8080/api/v2/findings/268/"}], "reactivated": [], + "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2453' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2453\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:60560\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/98/\\\", 
\\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 98, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/98/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 265, \\\"title\\\": \\\"2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)\\\", + \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/265\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/265/\\\"}, {\\\"id\\\": + 266, \\\"title\\\": \\\"Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/266\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/266/\\\"}, {\\\"id\\\": 264, \\\"title\\\": + \\\"Regular Expression Denial of Service Different Title - (Negotiator, <= + 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/264\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/264/\\\"}, {\\\"id\\\": + 267, \\\"title\\\": \\\"Regular Expression Denial of Service Different 
Title + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/267\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/267/\\\"}, + {\\\"id\\\": 268, \\\"title\\\": \\\"2222Remote Code Execution Different Title + - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 + || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < + 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/268\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/268/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 265,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service Different Title - (Negotiator, + <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/265/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/265\"\n },\n + \ {\n \"id\": 266,\n \"severity\": \"High\",\n \"title\": + \"Remote Code Execution Different Title - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 + || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < + 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 + < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/266/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/266\"\n },\n + \ {\n \"id\": 264,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service Different Title - 
(Negotiator, <= 0.6.0)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/264/\",\n \"url_ui\": + \"http://localhost:8080/finding/264\"\n },\n {\n \"id\": + 267,\n \"severity\": \"Medium\",\n \"title\": \"Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/267/\",\n \"url_ui\": \"http://localhost:8080/finding/267\"\n + \ },\n {\n \"id\": 268,\n \"severity\": \"Medium\",\n + \ \"title\": \"2222Remote Code Execution Different Title - (Pg, < + 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= + 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 + || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/268/\",\n \"url_ui\": \"http://localhost:8080/finding/268\"\n + \ }\n ],\n \"reactivated\": [],\n \"untouched\": []\n + \ },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": + \"http://localhost:8080/product/2\"\n },\n \"product_type\": {\n \"id\": + 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n + \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": + {\n \"id\": 98,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n + \ \"url_ui\": \"http://localhost:8080/test/98\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n + \ \"url_ui\": \"http://localhost:8080/test/98\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:23 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +version: 1 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml
new file mode 100644
index 00000000000..b96ba8de91d
--- /dev/null
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml
@@ -0,0 +1,2039 @@ +interactions: +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 99, "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '844' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:60564\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": 
\"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/99/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 99, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/99/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 99,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n + \ \"url_ui\": \"http://localhost:8080/test/99\"\n },\n \"title\": + \"Test created for 
Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n \"url_ui\": + \"http://localhost:8080/test/99\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:23 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 99, "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/"}, + "finding_count": 5, "findings": {"new": [{"id": 270, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/270", + "url_api": "http://localhost:8080/api/v2/findings/270/"}, {"id": 271, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/271", "url_api": + 
"http://localhost:8080/api/v2/findings/271/"}, {"id": 269, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/269", "url_api": "http://localhost:8080/api/v2/findings/269/"}, + {"id": 272, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/272", "url_api": + "http://localhost:8080/api/v2/findings/272/"}, {"id": 273, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/273", "url_api": + "http://localhost:8080/api/v2/findings/273/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2373' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:60578\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n 
\"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/99/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 99, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/99/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 270, \\\"title\\\": \\\"2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/270\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/270/\\\"}, {\\\"id\\\": 271, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= + 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/271\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/271/\\\"}, + {\\\"id\\\": 269, \\\"title\\\": \\\"Regular Expression Denial of Service 
+ - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/269\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/269/\\\"}, + {\\\"id\\\": 272, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/272\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/272/\\\"}, + {\\\"id\\\": 273, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/273\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/273/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 270,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/270/\",\n \"url_ui\": \"http://localhost:8080/finding/270\"\n + \ },\n {\n \"id\": 271,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/271/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/271\"\n },\n + \ {\n \"id\": 269,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/269/\",\n \"url_ui\": \"http://localhost:8080/finding/269\"\n + \ },\n {\n \"id\": 272,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/272/\",\n \"url_ui\": + \"http://localhost:8080/finding/272\"\n },\n {\n \"id\": + 273,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/273/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/273\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 99,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n + \ \"url_ui\": \"http://localhost:8080/test/99\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n + \ \"url_ui\": \"http://localhost:8080/test/99\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + 
- '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:23 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:24.550+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 92a2cc35-a441-4d37-9430-bee943520d18 + Atl-Traceid: + - 92a2cc35a4414d379430bee943520d18 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:24 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=108,atl-edge;dur=100,atl-edge-internal;dur=17,atl-edge-upstream;dur=84,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZWfI9k6I9T_SwrxVZrJg1SgJO1BCTMWXHoBqEHbR-e6rx46CTt0gRA==",cdn-downstream-fbl;dur=111 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - ZWfI9k6I9T_SwrxVZrJg1SgJO1BCTMWXHoBqEHbR-e6rx46CTt0gRA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 6c981e74314d917b47624c67912793e1 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 699c9f4a-7505-4181-a6cc-c90e2df8f25a + Atl-Traceid: + - 699c9f4a75054181a6ccc90e2df8f25a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:24 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=260,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hrwtttaz4bq4U9RzCN3q5qX_odbyBGskSmo9DwC2LaqrdTmfZkFzqA==",cdn-downstream-fbl;dur=264 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - hrwtttaz4bq4U9RzCN3q5qX_odbyBGskSmo9DwC2LaqrdTmfZkFzqA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 5680e2228945323c9ff499da51c9b355 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/922] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/275]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title - + (Negotiator, <= 0.6.0)|http://localhost:8080/finding/275]\n*Defect Dojo link:* + http://localhost:8080/finding/275 (275)\n*Severity:* High\n *Due Date:* June + 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]\n*Defect + Dojo link:* http://localhost:8080/finding/274 (274)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3575' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19650","key":"NTEST-2978","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19650"}' + headers: + Atl-Request-Id: + - 7cd267aa-2aeb-4e4f-8565-b083efa11992 + Atl-Traceid: + - 7cd267aa2aeb4e4f8565b083efa11992 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:25 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + 
"endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=747,atl-edge;dur=740,atl-edge-internal;dur=15,atl-edge-upstream;dur=725,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uL7nwwsPsJtyuaZRGx64N6RP9jsXNCiF34e-oZJal7mgu2gi6Btgwg==",cdn-downstream-fbl;dur=751 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - uL7nwwsPsJtyuaZRGx64N6RP9jsXNCiF34e-oZJal7mgu2gi6Btgwg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 32ee55de457dba8e706756756d78f7c4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2978 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19650","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19650","key":"NTEST-2978","fields":{"statuscategorychangedate":"2025-05-24T12:32:25.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2978/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:25.356+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010cv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:25.454+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/922] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/275]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title + - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/275]\n*Defect Dojo + link:* http://localhost:8080/finding/275 (275)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]\n*Defect + Dojo link:* http://localhost:8080/finding/274 (274)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2978/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19650/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 58f8dc8e-16c0-4bcb-81a7-60dca73873ef + Atl-Traceid: + - 58f8dc8e16c04bcb81a760dca73873ef + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:26 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=252,atl-edge;dur=243,atl-edge-internal;dur=17,atl-edge-upstream;dur=221,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="3XnfWxI20UIjRg-xwQDZXYKCkKOoppWXX2-XN_NRDCoU7_nnpcGJFw==",cdn-downstream-fbl;dur=255 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 3XnfWxI20UIjRg-xwQDZXYKCkKOoppWXX2-XN_NRDCoU7_nnpcGJFw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d9dd6eff3454d97055990aa38ad2d480 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19650 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19650","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19650","key":"NTEST-2978","fields":{"statuscategorychangedate":"2025-05-24T12:32:25.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2978/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:25.356+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010cv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:25.454+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/922] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/275]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title + - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/275]\n*Defect Dojo + link:* http://localhost:8080/finding/275 (275)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/274]\n*Defect + Dojo link:* http://localhost:8080/finding/274 (274)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2978/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19650/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - c3929dd3-e8c2-4da8-b961-608d8edf8d11 + Atl-Traceid: + - c3929dd3e8c24da8b961608d8edf8d11 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:26 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=214,atl-edge;dur=207,atl-edge-internal;dur=19,atl-edge-upstream;dur=188,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="p7BmINRR3NsG7rdA4PNoYLzAmFB12s6yUB0yofAb6sVtTo-tIDXiBQ==",cdn-downstream-fbl;dur=217 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - p7BmINRR3NsG7rdA4PNoYLzAmFB12s6yUB0yofAb6sVtTo-tIDXiBQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d4b2dab090084e61ddaa2b18a855cd34 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:26.585+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - d983e08b-e736-4bc7-a505-bfa3e5696c4b + Atl-Traceid: + - d983e08be7364bc7a505bfa3e5696c4b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:26 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=99,atl-edge-internal;dur=14,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vRj626dSUYE3vSFhP_gNsq24wx7KQQmQq1_UmIF66Cb4oN9qs-loFg==",cdn-downstream-fbl;dur=111 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - vRj626dSUYE3vSFhP_gNsq24wx7KQQmQq1_UmIF66Cb4oN9qs-loFg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 9083c2dbebcd36c87093eb55dd549746 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - dde6bc32-7620-4eab-b5c1-b8d90a145dbe + Atl-Traceid: + - dde6bc3276204eabb5c1b8d90a145dbe + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:26 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="JU5gt2i1JtyIZJDFfPhScpZI9TDdg4iGlOzaXvR2sUkB8L2xJ1lEHQ==",cdn-downstream-fbl;dur=277 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - JU5gt2i1JtyIZJDFfPhScpZI9TDdg4iGlOzaXvR2sUkB8L2xJ1lEHQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 77b3cd07158f0a0cfbba41bd142fe7e4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/923] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/276]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/276]\n*Defect + Dojo link:* http://localhost:8080/finding/276 (276)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* 
Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution Different + Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]\n*Defect Dojo + link:* http://localhost:8080/finding/278 (278)\n*Severity:* Medium\n *Due Date:* + Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7045' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19651","key":"NTEST-2979","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19651"}' + headers: + Atl-Request-Id: + - f16a450d-bf95-43a7-afd9-d54d4108cfdc + Atl-Traceid: + - f16a450dbf9543a7afd9d54d4108cfdc + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:27 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=645,atl-edge;dur=638,atl-edge-internal;dur=16,atl-edge-upstream;dur=621,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pM8biwx0HhGVdfq0Wl00uZNvpxiZ2NrSoq2b1xMSW9JslYvOVYnDmQ==",cdn-downstream-fbl;dur=650 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - pM8biwx0HhGVdfq0Wl00uZNvpxiZ2NrSoq2b1xMSW9JslYvOVYnDmQ== + 
X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 5c0a1772ba07885071c4f0daba8c8bdd + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2979 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19651","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19651","key":"NTEST-2979","fields":{"statuscategorychangedate":"2025-05-24T12:32:27.651+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2979/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:27.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010d3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:27.455+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/923] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/276]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/276]\n*Defect + Dojo link:* http://localhost:8080/finding/276 (276)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + 
Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]\n*Defect + Dojo link:* http://localhost:8080/finding/278 (278)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. 
The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2979/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19651/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
60d6bf34-b75c-4650-8ecb-32a6ef3b376f + Atl-Traceid: + - 60d6bf34b75c46508ecb32a6ef3b376f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:28 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=215,atl-edge;dur=208,atl-edge-internal;dur=17,atl-edge-upstream;dur=191,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="PIcR9HJDUD7suwhS0-kHvo2jllSRq8iO2eEYcDiPr1SfWTvYTMEudQ==",cdn-downstream-fbl;dur=219 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - PIcR9HJDUD7suwhS0-kHvo2jllSRq8iO2eEYcDiPr1SfWTvYTMEudQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 70877d770260058b772d7960694af386 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19651 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19651","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19651","key":"NTEST-2979","fields":{"statuscategorychangedate":"2025-05-24T12:32:27.651+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2979/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:27.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010d3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:27.455+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/923] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/276]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/276]\n*Defect + Dojo link:* http://localhost:8080/finding/276 (276)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + 
Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/278]\n*Defect + Dojo link:* http://localhost:8080/finding/278 (278)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. 
The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2979/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19651/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
fe473972-cc41-4291-a94f-99e24cebcb00 + Atl-Traceid: + - fe473972cc414291a94f99e24cebcb00 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:28 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=297,atl-edge;dur=289,atl-edge-internal;dur=22,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gboeKEm0cXoHxhEELODW7KW3v9OqMQme_yvH39YERc07sv_a0zyW4g==",cdn-downstream-fbl;dur=300 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - gboeKEm0cXoHxhEELODW7KW3v9OqMQme_yvH39YERc07sv_a0zyW4g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - eb771954f88b962745056854c36927a8 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:28.615+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 07372833-b07d-4afa-a5a0-1b2453a3d490 + Atl-Traceid: + - 07372833b07d4afaa5a01b2453a3d490 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:28 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=111,atl-edge-internal;dur=15,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="D_HuRetXSKFUOf2mGzWDqkquGFBMFdC1Ol5yZ8zSSON_yT_fHFgdyg==",cdn-downstream-fbl;dur=122 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - D_HuRetXSKFUOf2mGzWDqkquGFBMFdC1Ol5yZ8zSSON_yT_fHFgdyg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 
9788b95661821b25bba2668807aa9440 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 618e66db-2c64-42c9-8e43-a8bd61771be6 + Atl-Traceid: + - 618e66db2c6442c98e43a8bd61771be6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:29 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=290,atl-edge;dur=283,atl-edge-internal;dur=16,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SAO3lD7OyD6JrQKxNXSSW2Y_R0szRpoLWhLSpuKhrE2fk8anQa4Uzg==",cdn-downstream-fbl;dur=296 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - SAO3lD7OyD6JrQKxNXSSW2Y_R0szRpoLWhLSpuKhrE2fk8anQa4Uzg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - a9877623ff31858ff6bd0b1f96a8019b + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/924] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/277]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/277]\n*Defect Dojo link:* http://localhost:8080/finding/277 + (277)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2171' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue 
+ response: + body: + string: '{"id":"19652","key":"NTEST-2980","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19652"}' + headers: + Atl-Request-Id: + - b041e8b0-051f-4a8a-81b0-a81c989c5810 + Atl-Traceid: + - b041e8b0051f4a8a81b0a81c989c5810 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:30 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=902,atl-edge;dur=895,atl-edge-internal;dur=15,atl-edge-upstream;dur=879,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gAkoZcYAOm8e5_qe9kjAtELPAyHfPLfgjZYlMfGkNgfuRwbG4KOPuw==",cdn-downstream-fbl;dur=908 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - gAkoZcYAOm8e5_qe9kjAtELPAyHfPLfgjZYlMfGkNgfuRwbG4KOPuw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 1eed1034516a7fd2cca45f059c98f0b1 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2980 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19652","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19652","key":"NTEST-2980","fields":{"statuscategorychangedate":"2025-05-24T12:32:29.967+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2980/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:29.626+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010db:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:29.712+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/924] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/277]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/277]\n*Defect Dojo link:* http://localhost:8080/finding/277 + (277)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2980/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19652/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
cde1dfd0-96c7-4eb8-8060-08b4eeeb1b45 + Atl-Traceid: + - cde1dfd096c74eb8806008b4eeeb1b45 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:30 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=244,atl-edge;dur=237,atl-edge-internal;dur=18,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="v9M6rGknel-8fyuN07dqKCgnruUYuL8oAiEuqUCKVCRMvxW1ijduPg==",cdn-downstream-fbl;dur=248 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - v9M6rGknel-8fyuN07dqKCgnruUYuL8oAiEuqUCKVCRMvxW1ijduPg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3961064cf30ba0f4f36ad5746783d43d + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19652 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19652","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19652","key":"NTEST-2980","fields":{"statuscategorychangedate":"2025-05-24T12:32:29.967+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2980/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:29.626+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010db:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:29.712+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/924] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/100]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/277]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/277]\n*Defect Dojo link:* http://localhost:8080/finding/277 + (277)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2980/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19652/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
0a171eb1-ff89-46db-a636-10fdc40ff063 + Atl-Traceid: + - 0a171eb1ff8946dba63610fdc40ff063 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:30 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=246,atl-edge;dur=238,atl-edge-internal;dur=19,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wlShjamRdKC3ZAIZFnWUU6PtuwKBjKAJNuzeTTfRa9A04Hqf7WA4Ww==",cdn-downstream-fbl;dur=250 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - wlShjamRdKC3ZAIZFnWUU6PtuwKBjKAJNuzeTTfRa9A04Hqf7WA4Ww== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 2432acdec62ac14f70749890303801e7 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": 
"http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 100, "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '849' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37006\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/100/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
\\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 100, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 100,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n + \ \"url_ui\": \"http://localhost:8080/test/100\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n \"url_ui\": + \"http://localhost:8080/test/100\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:29 
GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 100, "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/"}, + "finding_count": 5, "findings": {"new": [{"id": 275, "title": "2222Regular Expression + Denial of Service Different Title - (Negotiator, <= 0.6.0)", "severity": "High", + "url_ui": "http://localhost:8080/finding/275", "url_api": "http://localhost:8080/api/v2/findings/275/"}, + {"id": 276, "title": "Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/276", + "url_api": "http://localhost:8080/api/v2/findings/276/"}, {"id": 274, "title": + "Regular Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/274", "url_api": + "http://localhost:8080/api/v2/findings/274/"}, {"id": 277, "title": "Regular + Expression Denial of Service Different Title - (Fresh, < 
0.5.2)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/277", "url_api": "http://localhost:8080/api/v2/findings/277/"}, + {"id": 278, "title": "2222Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "Medium", "url_ui": "http://localhost:8080/finding/278", + "url_api": "http://localhost:8080/api/v2/findings/278/"}], "reactivated": [], + "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2458' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2458\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37020\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", + \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/tests/100/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 100, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 275, \\\"title\\\": \\\"2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)\\\", + \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/275\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/275/\\\"}, {\\\"id\\\": + 276, \\\"title\\\": \\\"Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/276\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/276/\\\"}, {\\\"id\\\": 274, \\\"title\\\": + \\\"Regular Expression Denial of Service Different Title - (Negotiator, <= + 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/274\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/274/\\\"}, {\\\"id\\\": + 277, \\\"title\\\": 
\\\"Regular Expression Denial of Service Different Title + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/277\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/277/\\\"}, + {\\\"id\\\": 278, \\\"title\\\": \\\"2222Remote Code Execution Different Title + - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 + || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < + 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/278\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/278/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 275,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service Different Title - (Negotiator, + <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/275/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/275\"\n },\n + \ {\n \"id\": 276,\n \"severity\": \"High\",\n \"title\": + \"Remote Code Execution Different Title - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 + || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < + 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 + < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/276/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/276\"\n },\n + \ {\n \"id\": 274,\n \"severity\": \"Medium\",\n \"title\": + \"Regular 
Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/274/\",\n \"url_ui\": + \"http://localhost:8080/finding/274\"\n },\n {\n \"id\": + 277,\n \"severity\": \"Medium\",\n \"title\": \"Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/277/\",\n \"url_ui\": \"http://localhost:8080/finding/277\"\n + \ },\n {\n \"id\": 278,\n \"severity\": \"Medium\",\n + \ \"title\": \"2222Remote Code Execution Different Title - (Pg, < + 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= + 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 + || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/278/\",\n \"url_ui\": \"http://localhost:8080/finding/278\"\n + \ }\n ],\n \"reactivated\": [],\n \"untouched\": []\n + \ },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": + \"http://localhost:8080/product/2\"\n },\n \"product_type\": {\n \"id\": + 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n + \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": + {\n \"id\": 100,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n + \ \"url_ui\": \"http://localhost:8080/test/100\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n + \ \"url_ui\": \"http://localhost:8080/test/100\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:29 GMT + Transfer-Encoding: + - 
chunked + status: + code: 200 + message: OK +version: 1 diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml new file mode 100644 index 00000000000..cd4f39c2600 --- /dev/null +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml 
@@ -0,0 +1,2040 @@ +interactions: +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 101, "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '849' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37034\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": 
\"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/101/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 101, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 101,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n + \ \"url_ui\": \"http://localhost:8080/test/101\"\n },\n \"title\": + \"Test 
created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n \"url_ui\": + \"http://localhost:8080/test/101\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:30 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 101, "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/"}, + "finding_count": 5, "findings": {"new": [{"id": 280, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/280", + "url_api": "http://localhost:8080/api/v2/findings/280/"}, {"id": 281, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/281", "url_api": + 
"http://localhost:8080/api/v2/findings/281/"}, {"id": 279, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/279", "url_api": "http://localhost:8080/api/v2/findings/279/"}, + {"id": 282, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/282", "url_api": + "http://localhost:8080/api/v2/findings/282/"}, {"id": 283, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/283", "url_api": + "http://localhost:8080/api/v2/findings/283/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2378' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37040\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n 
\"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 101, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 280, \\\"title\\\": \\\"2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/280\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/280/\\\"}, {\\\"id\\\": 281, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= + 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/281\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/281/\\\"}, + {\\\"id\\\": 279, \\\"title\\\": \\\"Regular Expression Denial of 
Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/279\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/279/\\\"}, + {\\\"id\\\": 282, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/282\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/282/\\\"}, + {\\\"id\\\": 283, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/283\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/283/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 280,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/280/\",\n \"url_ui\": \"http://localhost:8080/finding/280\"\n + \ },\n {\n \"id\": 281,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/281/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/281\"\n },\n + \ {\n \"id\": 279,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/279/\",\n \"url_ui\": \"http://localhost:8080/finding/279\"\n + \ },\n {\n \"id\": 282,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/282/\",\n \"url_ui\": + \"http://localhost:8080/finding/282\"\n },\n {\n \"id\": + 283,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/283/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/283\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 101,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n + \ \"url_ui\": \"http://localhost:8080/test/101\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n + \ \"url_ui\": \"http://localhost:8080/test/101\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + 
Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:30 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:31.506+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 42cfa1d0-fb69-4786-aef0-b010b69542d3 + Atl-Traceid: + - 42cfa1d0fb694786aef0b010b69542d3 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:31 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=113,atl-edge;dur=106,atl-edge-internal;dur=14,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GmKOKNMzKc2BEmQjkNle000lhoAa9nr8yTHgCoBh6ZbA3WzAMcahFQ==",cdn-downstream-fbl;dur=117 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - GmKOKNMzKc2BEmQjkNle000lhoAa9nr8yTHgCoBh6ZbA3WzAMcahFQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 74128861071af1b6813a084cfd93cde1 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 9e840eda-e9bc-4373-a6b4-f0a3e87abdf9 + Atl-Traceid: + - 9e840edae9bc4373a6b4f0a3e87abdf9 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:31 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=304,atl-edge-internal;dur=15,atl-edge-upstream;dur=289,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UwYYbL0h_J4XENy-OK5QhJXRk1Dg-Yp3tqS9wc81MOfpbmwZSmQkRA==",cdn-downstream-fbl;dur=314 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - UwYYbL0h_J4XENy-OK5QhJXRk1Dg-Yp3tqS9wc81MOfpbmwZSmQkRA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 5da62803ef9fccc8f2beb0c9aef73445 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/928] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title - + (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]\n*Defect Dojo link:* + http://localhost:8080/finding/285 (285)\n*Severity:* High\n *Due Date:* June + 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]\n*Defect + Dojo link:* http://localhost:8080/finding/284 (284)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3575' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19653","key":"NTEST-2981","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19653"}' + headers: + Atl-Request-Id: + - d200815f-7aa5-4ba8-ba5a-b179b08f558e + Atl-Traceid: + - d200815f7aa54ba8ba5ab179b08f558e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:32 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + 
"endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=745,atl-edge;dur=729,atl-edge-internal;dur=22,atl-edge-upstream;dur=715,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8qg2o_U5dg9kQyT6a35TOpxpGwZR6E8pRs0UT_uB1YorMo55Zvjm1g==",cdn-downstream-fbl;dur=750 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 8qg2o_U5dg9kQyT6a35TOpxpGwZR6E8pRs0UT_uB1YorMo55Zvjm1g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 9c403661dda862b6372fdbf7f8c4578f + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2981 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19653","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19653","key":"NTEST-2981","fields":{"statuscategorychangedate":"2025-05-24T12:32:32.712+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2981/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:32.364+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010dj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:32.462+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/928] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title + - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]\n*Defect Dojo + link:* http://localhost:8080/finding/285 (285)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]\n*Defect + Dojo link:* http://localhost:8080/finding/284 (284)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2981/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19653/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 77010f2a-d482-4bbf-b819-e9a90b3b4291 + Atl-Traceid: + - 77010f2ad4824bbfb819e9a90b3b4291 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=236,atl-edge;dur=228,atl-edge-internal;dur=16,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="djHyw_wZh5AnxLHMESbN3_U4PC-4vYYsI0gHXfrBnVJaFMQ3feSWRw==",cdn-downstream-fbl;dur=241 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - djHyw_wZh5AnxLHMESbN3_U4PC-4vYYsI0gHXfrBnVJaFMQ3feSWRw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 6680563d520f0afbb41c30a634e676d4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19653 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19653","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19653","key":"NTEST-2981","fields":{"statuscategorychangedate":"2025-05-24T12:32:32.712+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2981/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:32.364+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010dj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:32.462+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/928] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service Different Title + - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]\n*Defect Dojo + link:* http://localhost:8080/finding/285 (285)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service Different Title - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/284]\n*Defect + Dojo link:* http://localhost:8080/finding/284 (284)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2981/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19653/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 7a4da98e-423e-4f46-aae9-1974b9b90947 + Atl-Traceid: + - 7a4da98e423e4f46aae91974b9b90947 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=229,atl-edge;dur=222,atl-edge-internal;dur=16,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OFmICy0N0St1Zdc8EZbq1iGZfdhmWXln1pa-O3fpq440M8lz1P27hQ==",cdn-downstream-fbl;dur=233 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - OFmICy0N0St1Zdc8EZbq1iGZfdhmWXln1pa-O3fpq440M8lz1P27hQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 507cc6ce371ec7631d2cca22bb66e716 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:33.629+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 13c695ed-caad-4d53-8e8d-fc4acbcf8089 + Atl-Traceid: + - 13c695edcaad4d538e8dfc4acbcf8089 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=15,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ul2STN2Ep3zRkoghmjKxv5jELABB5880XAsCu8asVpLMorwPYq1m5g==",cdn-downstream-fbl;dur=119 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - ul2STN2Ep3zRkoghmjKxv5jELABB5880XAsCu8asVpLMorwPYq1m5g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 591dfd77a1ceff385e60363fc8c02f4b + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 42329af6-c4e3-4fc4-9408-2e48ef396626 + Atl-Traceid: + - 42329af6c4e34fc494082e48ef396626 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:34 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2DdVP_AgQ5R4QUWgki2MXiGLpexTob7NGjR_yiv-xkX2adQ7J_Az1A==",cdn-downstream-fbl;dur=312,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=309,atl-edge;dur=280,atl-edge-internal;dur=15,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 2DdVP_AgQ5R4QUWgki2MXiGLpexTob7NGjR_yiv-xkX2adQ7J_Az1A== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - b9253ef7a933615183b4af9f2fee7440 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/929] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/286]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/286]\n*Defect + Dojo link:* http://localhost:8080/finding/286 (286)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* 
Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution Different + Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]\n*Defect Dojo + link:* http://localhost:8080/finding/288 (288)\n*Severity:* Medium\n *Due Date:* + Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7045' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19654","key":"NTEST-2982","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19654"}' + headers: + Atl-Request-Id: + - 19fcf30c-8c8e-4a4b-8c87-18db82383a35 + Atl-Traceid: + - 19fcf30c8c8e4a4b8c8718db82383a35 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:34 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=793,atl-edge;dur=786,atl-edge-internal;dur=17,atl-edge-upstream;dur=769,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4fbFjoz-BpLggOOFxPmo3RQzB95sjy2IwbB1r0Jqs57360BJbqN8Kg==",cdn-downstream-fbl;dur=797 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 4fbFjoz-BpLggOOFxPmo3RQzB95sjy2IwbB1r0Jqs57360BJbqN8Kg== + 
X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - ad0d76f8d411785ebf399a5c5017af8b + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2982 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19654","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19654","key":"NTEST-2982","fields":{"statuscategorychangedate":"2025-05-24T12:32:34.816+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2982/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:34.472+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010dr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:34.573+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/929] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/286]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/286]\n*Defect + Dojo link:* http://localhost:8080/finding/286 (286)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + 
Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]\n*Defect + Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. 
The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2982/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19654/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
1d1ffedb-a89a-432a-a619-174401a529e6 + Atl-Traceid: + - 1d1ffedba89a432aa619174401a529e6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=267,atl-edge;dur=260,atl-edge-internal;dur=16,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1LtFGe-RP-QtbuDH6GLUJJxd9fbGE61LM6rwJeFfOyMY3zSAyXT3hw==",cdn-downstream-fbl;dur=271 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 1LtFGe-RP-QtbuDH6GLUJJxd9fbGE61LM6rwJeFfOyMY3zSAyXT3hw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 81d7194715c53dc5273765312789df37 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19654 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19654","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19654","key":"NTEST-2982","fields":{"statuscategorychangedate":"2025-05-24T12:32:34.816+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2982/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:34.472+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010dr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:34.573+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/929] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/286]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= + 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 + < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < + 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution Different Title - (Pg, < 2.11.2 >= + 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 + < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < + 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/286]\n*Defect + Dojo link:* http://localhost:8080/finding/286 (286)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + 
Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + Different Title - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/288]\n*Defect + Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. 
The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. 
)\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2982/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19654/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
9a847db0-6035-487d-ba3f-fca248bf4b49 + Atl-Traceid: + - 9a847db06035487dba3ffca248bf4b49 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=244,atl-edge;dur=237,atl-edge-internal;dur=15,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="LYXEo6vjWQz-7wPoulGx88oFdRmOuDH9iYJcTa51bKKuLxt8__9OKg==",cdn-downstream-fbl;dur=248 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - LYXEo6vjWQz-7wPoulGx88oFdRmOuDH9iYJcTa51bKKuLxt8__9OKg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 723e960dcb255bd3f32b4eb47d19aaaf + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:35.835+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 1ed3518d-c825-4d4c-b14f-75d8692a9846 + Atl-Traceid: + - 1ed3518dc8254d4cb14f75d8692a9846 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0L6knUumUHbGr-PNafD8A5SKClDn83lKMHrauvH9sNH6OVXbnCL_ug==",cdn-downstream-fbl;dur=114 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 0L6knUumUHbGr-PNafD8A5SKClDn83lKMHrauvH9sNH6OVXbnCL_ug== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 
e58698adb865e7a8baff3cf80a1e86b4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - ce19e63e-85b7-4577-84ff-cc1677c2fea9 + Atl-Traceid: + - ce19e63e85b7457784ffcc1677c2fea9 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=260,atl-edge;dur=253,atl-edge-internal;dur=15,atl-edge-upstream;dur=238,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mPTdugIWicP33WJoLdn-z4zq5zxic5dC89AGu_gl1ufeOPAQ7oesoQ==",cdn-downstream-fbl;dur=264 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - mPTdugIWicP33WJoLdn-z4zq5zxic5dC89AGu_gl1ufeOPAQ7oesoQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 8e6a97c1363e7ed755007057afd4fdc3 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/930] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/287]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/287]\n*Defect Dojo link:* http://localhost:8080/finding/287 + (287)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '2171' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue 
+ response: + body: + string: '{"id":"19655","key":"NTEST-2983","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19655"}' + headers: + Atl-Request-Id: + - ddf8266e-b002-44c0-8eff-cb645eaa4fb5 + Atl-Traceid: + - ddf8266eb00244c08effcb645eaa4fb5 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=647,atl-edge;dur=638,atl-edge-internal;dur=18,atl-edge-upstream;dur=620,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xRb6Yj81Fq6WdJBWvgRKAk2bSInHR13ItLTo8fSNILSS00jXZqF70Q==",cdn-downstream-fbl;dur=651 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - xRb6Yj81Fq6WdJBWvgRKAk2bSInHR13ItLTo8fSNILSS00jXZqF70Q== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - f053b4ad6be3a9951e2655050af8baa2 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2983 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19655","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19655","key":"NTEST-2983","fields":{"statuscategorychangedate":"2025-05-24T12:32:36.878+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2983/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:36.589+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010dz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:36.664+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/930] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/287]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/287]\n*Defect Dojo link:* http://localhost:8080/finding/287 + (287)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2983/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19655/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
0f7bafad-343b-49a3-9d06-723de77c52b2 + Atl-Traceid: + - 0f7bafad343b49a39d06723de77c52b2 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=246,atl-edge;dur=239,atl-edge-internal;dur=17,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HRp6WfcBYW_Ep0sVK_HyO2-UN6yO79JLLvMMGxfnCDmPuVfGySFvVg==",cdn-downstream-fbl;dur=250 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - HRp6WfcBYW_Ep0sVK_HyO2-UN6yO79JLLvMMGxfnCDmPuVfGySFvVg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - c798bd82368ea10ccf9bdc1128865b87 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19655 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19655","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19655","key":"NTEST-2983","fields":{"statuscategorychangedate":"2025-05-24T12:32:36.878+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2983/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:36.589+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010dz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:36.664+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/930] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/102]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)|http://localhost:8080/finding/287]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service Different Title - (Fresh, + < 0.5.2)|http://localhost:8080/finding/287]\n*Defect Dojo link:* http://localhost:8080/finding/287 + (287)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) 
()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2983/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19655/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
bba63c31-c347-430f-8d50-52960ba34ebe + Atl-Traceid: + - bba63c31c347430f8d5052960ba34ebe + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:32:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=302,atl-edge-internal;dur=16,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="YqIZw0-xZhCzyNEu9LG3NLDGE3NtGQ3UcnHzYgMAb7uSyMlKlyUEhQ==",cdn-downstream-fbl;dur=313 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - YqIZw0-xZhCzyNEu9LG3NLDGE3NtGQ3UcnHzYgMAb7uSyMlKlyUEhQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 9d7a9a1922e5700d8557150e460c4937 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": 
"http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 102, "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '849' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37044\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/102/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
\\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 102, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 102,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n + \ \"url_ui\": \"http://localhost:8080/test/102\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n \"url_ui\": + \"http://localhost:8080/test/102\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:36 
GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 102, "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/"}, + "finding_count": 5, "findings": {"new": [{"id": 285, "title": "2222Regular Expression + Denial of Service Different Title - (Negotiator, <= 0.6.0)", "severity": "High", + "url_ui": "http://localhost:8080/finding/285", "url_api": "http://localhost:8080/api/v2/findings/285/"}, + {"id": 286, "title": "Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/286", + "url_api": "http://localhost:8080/api/v2/findings/286/"}, {"id": 284, "title": + "Regular Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/284", "url_api": + "http://localhost:8080/api/v2/findings/284/"}, {"id": 287, "title": "Regular + Expression Denial of Service Different Title - (Fresh, < 
0.5.2)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/287", "url_api": "http://localhost:8080/api/v2/findings/287/"}, + {"id": 288, "title": "2222Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 + || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "Medium", "url_ui": "http://localhost:8080/finding/288", + "url_api": "http://localhost:8080/api/v2/findings/288/"}], "reactivated": [], + "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2458' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2458\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37054\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", + \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/tests/102/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 102, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 285, \\\"title\\\": \\\"2222Regular + Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)\\\", + \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/285\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/285/\\\"}, {\\\"id\\\": + 286, \\\"title\\\": \\\"Remote Code Execution Different Title - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/286\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/286/\\\"}, {\\\"id\\\": 284, \\\"title\\\": + \\\"Regular Expression Denial of Service Different Title - (Negotiator, <= + 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/284\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/284/\\\"}, {\\\"id\\\": + 287, \\\"title\\\": 
\\\"Regular Expression Denial of Service Different Title + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/287\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/287/\\\"}, + {\\\"id\\\": 288, \\\"title\\\": \\\"2222Remote Code Execution Different Title + - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 + || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < + 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/288\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/288/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 285,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service Different Title - (Negotiator, + <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/285/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/285\"\n },\n + \ {\n \"id\": 286,\n \"severity\": \"High\",\n \"title\": + \"Remote Code Execution Different Title - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 + || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < + 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 + < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/286/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/286\"\n },\n + \ {\n \"id\": 284,\n \"severity\": \"Medium\",\n \"title\": + \"Regular 
Expression Denial of Service Different Title - (Negotiator, <= 0.6.0)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/284/\",\n \"url_ui\": + \"http://localhost:8080/finding/284\"\n },\n {\n \"id\": + 287,\n \"severity\": \"Medium\",\n \"title\": \"Regular + Expression Denial of Service Different Title - (Fresh, < 0.5.2)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/287/\",\n \"url_ui\": \"http://localhost:8080/finding/287\"\n + \ },\n {\n \"id\": 288,\n \"severity\": \"Medium\",\n + \ \"title\": \"2222Remote Code Execution Different Title - (Pg, < + 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= + 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 + || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/288/\",\n \"url_ui\": \"http://localhost:8080/finding/288\"\n + \ }\n ],\n \"reactivated\": [],\n \"untouched\": []\n + \ },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": + \"http://localhost:8080/product/2\"\n },\n \"product_type\": {\n \"id\": + 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n + \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": + {\n \"id\": 102,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n + \ \"url_ui\": \"http://localhost:8080/test/102\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n + \ \"url_ui\": \"http://localhost:8080/test/102\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:32:36 GMT + Transfer-Encoding: + - 
chunked + status: + code: 200 + message: OK +version: 1 diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml index 69257c62caa..76ac16d77dc 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_add_comments_then_push_to_jira.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/", + "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 96, "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/"}}' + 103, "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/"}}' headers: Accept: - application/json @@ -20,11 +20,11 @@ interactions: Connection: - keep-alive Content-Length: - - '838' + - '843' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -36,15 +36,15 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"838\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53970\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37068\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/96/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 96, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/96/\\\"}}\",\n \"files\": + null, \\\"id\\\": 103, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 96,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n - \ \"url_ui\": \"http://localhost:8080/test/96\"\n },\n \"title\": + 103,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n + \ \"url_ui\": \"http://localhost:8080/test/103\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n \"url_ui\": - \"http://localhost:8080/test/96\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n \"url_ui\": + \"http://localhost:8080/test/103\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:00 GMT + - Sat, 24 May 2025 10:32:36 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/", + "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 96, "url_ui": "http://localhost:8080/test/96", "url_api": "http://localhost:8080/api/v2/tests/96/"}, - "finding_count": 2, "findings": {"new": [{"id": 254, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/254", - "url_api": "http://localhost:8080/api/v2/findings/254/"}, {"id": 255, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/255", - "url_api": "http://localhost:8080/api/v2/findings/255/"}], "reactivated": [], + 103, "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/"}, + "finding_count": 2, "findings": {"new": [{"id": 289, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/289", + "url_api": "http://localhost:8080/api/v2/findings/289/"}, {"id": 290, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/290", + "url_api": "http://localhost:8080/api/v2/findings/290/"}], "reactivated": [], "mitigated": [], 
"untouched": []}}' headers: Accept: @@ -109,11 +109,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1310' + - '1315' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -125,53 +125,54 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1310\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53978\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37076\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/96/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/103/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 96, \\\"url_ui\\\": \\\"http://localhost:8080/test/96\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/96/\\\"}, \\\"finding_count\\\": - 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 254, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 103, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 289, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/254\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/254/\\\"}, - {\\\"id\\\": 255, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/255\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/255/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/289\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/289/\\\"}, + {\\\"id\\\": 290, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/290\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/290/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 254,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n 
\"url_api\": \"http://localhost:8080/api/v2/findings/254/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/254\"\n },\n - \ {\n \"id\": 255,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/255/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/255\"\n }\n ],\n + \ \"id\": 289,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/289/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/289\"\n },\n + \ {\n \"id\": 290,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/290/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/290\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 96,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n - \ \"url_ui\": \"http://localhost:8080/test/96\"\n },\n \"title\": + 103,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n + \ \"url_ui\": \"http://localhost:8080/test/103\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/96/\",\n - \ \"url_ui\": \"http://localhost:8080/test/96\",\n \"user\": null\n }\n}\n" + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n + \ \"url_ui\": \"http://localhost:8080/test/103\",\n \"user\": null\n + \ }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -180,7 +181,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:00 GMT + - Sat, 24 May 2025 10:32:36 GMT Transfer-Encoding: - chunked status: @@ -205,12 +206,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:00.833+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:38.270+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2c3a869a-f689-4701-b2fa-2b31fc3c2e71 + - 204fa7b2-8fc8-4278-9b2e-0c04f9a69180 Atl-Traceid: - - 2c3a869af6894701b2fa2b31fc3c2e71 + - 204fa7b28fc842789b2e0c04f9a69180 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -220,7 +221,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:00 GMT + - Sat, 24 May 2025 10:32:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -230,7 +231,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6bYRlkIqY3toKoYHe0V9CN5bToJG0b4EkrDt6LB0wwO8Y-J85KPE-w==",cdn-downstream-fbl;dur=293,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=97,cdn-upstream-fbl;dur=291,atl-edge;dur=161,atl-edge-internal;dur=14,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="J9mCLjQCkc6tQQTOj5itmGnrTviWvFVhHfwQ2_QWCwE_xUebjgfNjQ==",cdn-downstream-fbl;dur=135,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=133,atl-edge;dur=103,atl-edge-internal;dur=17,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -240,15 +241,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6bYRlkIqY3toKoYHe0V9CN5bToJG0b4EkrDt6LB0wwO8Y-J85KPE-w== + - J9mCLjQCkc6tQQTOj5itmGnrTviWvFVhHfwQ2_QWCwE_xUebjgfNjQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - aa03a8cc42d7129b28bd62933f7c1b87 + - 753a4889425bbfdb33223550201ec103 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -286,9 +287,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 0d4a36a5-de0a-4a30-8952-5da9a948f4c0 + - c4b398b3-89da-424d-a7dc-e560a9ff0de6 Atl-Traceid: - - 0d4a36a5de0a4a3089525da9a948f4c0 + - c4b398b389da424da7dce560a9ff0de6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -298,7 +299,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:01 GMT + - Sat, 24 May 2025 10:32:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -308,7 +309,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=280,atl-edge-internal;dur=15,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="N9Pl1mC9kfQwefwCzj1zpT3S43xF5jPq7JVCmpsIt2jZlrAHsFAPuQ==",cdn-downstream-fbl;dur=317 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=295,atl-edge;dur=287,atl-edge-internal;dur=15,atl-edge-upstream;dur=272,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="IolOr16KM_5MnUtTLhSXnaRoRWuX3MAr4BQOetDSY-1l6pv6XqdsGA==",cdn-downstream-fbl;dur=298 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -318,18 +319,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7d27498ef63e76e5a81975299a76fae4.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - N9Pl1mC9kfQwefwCzj1zpT3S43xF5jPq7JVCmpsIt2jZlrAHsFAPuQ== + - IolOr16KM_5MnUtTLhSXnaRoRWuX3MAr4BQOetDSY-1l6pv6XqdsGA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - fca7cfa1ee1d43a398ec367d1f20d0e1 + - 160ccbe3f68504456c1e6ee5d3ec7732 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -342,11 +343,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/254]\n\n*Defect - Dojo link:* http://localhost:8080/finding/254 (254)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/289]\n\n*Defect + Dojo link:* http://localhost:8080/finding/289 (289)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/96]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -364,7 +365,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1322' + - '1324' Content-Type: - application/json User-Agent: 
@@ -373,12 +374,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18189","key":"NTEST-1847","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189"}' + string: '{"id":"19656","key":"NTEST-2984","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656"}' headers: Atl-Request-Id: - - 2073face-9730-40e1-b4cb-c8b1527d674e + - a92648ea-5b65-48c0-9e75-cb90c31d7b56 Atl-Traceid: - - 2073face973040e1b4cbc8b1527d674e + - a92648ea5b6548c09e75cb90c31d7b56 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -386,7 +387,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:02 GMT + - Sat, 24 May 2025 10:32:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -396,7 +397,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=754,atl-edge;dur=722,atl-edge-internal;dur=15,atl-edge-upstream;dur=707,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="VV0-lOJmAm4Nq-T0XAzlkl7dOnr5fjGgWir4rAj-G_7auqw730kr-w==",cdn-downstream-fbl;dur=758 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=883,atl-edge;dur=875,atl-edge-internal;dur=16,atl-edge-upstream;dur=860,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QO-KvVj4Zr3GiHInoDZjqyBUawuNLZY3DKACOe0cuxWoXyIGLkmDrA==",cdn-downstream-fbl;dur=887 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -406,15 +407,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - VV0-lOJmAm4Nq-T0XAzlkl7dOnr5fjGgWir4rAj-G_7auqw730kr-w== + - QO-KvVj4Zr3GiHInoDZjqyBUawuNLZY3DKACOe0cuxWoXyIGLkmDrA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e42a7f498549b441887f9ec885dea37c + - 6de9c027cba1bebeae71ea2fec553b41 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -440,19 +441,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18189","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189","key":"NTEST-1847","fields":{"statuscategorychangedate":"2025-04-30T18:25:02.089+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19656","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656","key":"NTEST-2984","fields":{"statuscategorychangedate":"2025-05-24T12:32:39.503+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:01.748+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:01.830+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:39.051+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010e7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:39.138+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/254]\n\n*Defect - Dojo link:* http://localhost:8080/finding/254 (254)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/289]\n\n*Defect + Dojo link:* http://localhost:8080/finding/289 (289)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/96]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -460,14 +461,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 07963d39-5ad7-495e-8475-f80beb9f9047 + - e508651b-7ef1-44f3-8b7d-549b5b3c8ea7 Atl-Traceid: - - 07963d395ad7495e8475f80beb9f9047 + - e508651b7ef144f38b7d549b5b3c8ea7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -477,7 +478,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:02 GMT + - Sat, 24 May 2025 10:32:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
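Review bot: The re-recorded Jira response body in this hunk stores the recording account's `emailAddress`, `accountId`, `displayName` and Gravatar hash URLs in clear under both `creator` and `reporter`, and the same account id reappears in the `X-Aaccountid` response header of the neighbouring hunks. The webhook echo earlier in the cassette already masks the credential as `Token xxx`, so scrubbing appears to cover only the auth header and not identity fields in response bodies. If these cassettes are recorded with vcrpy, a `before_record_response` hook could rewrite those fields to constructed placeholders such as `"emailAddress":"user@example.invalid"` before the file is written, which would also stop the fixture changing whenever a different maintainer re-records it. The body string starts in the previous hunk, so the filter needs to cover the whole response and not just these lines.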
@@ -487,7 +488,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="4Fs3W8pq5VzYLZUgCo1z2iuc3kreStNdCLFrSH_wyP-aiM7tGlC6Yw==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=360,atl-edge;dur=277,atl-edge-internal;dur=24,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=211,atl-edge;dur=203,atl-edge-internal;dur=17,atl-edge-upstream;dur=186,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="p2xqHIRX16dLYiZ6A4czGLAHKYtH8CJJ13-Vu342ByndywO_l-xIvA==",cdn-downstream-fbl;dur=216 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -497,15 +498,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4Fs3W8pq5VzYLZUgCo1z2iuc3kreStNdCLFrSH_wyP-aiM7tGlC6Yw== + - p2xqHIRX16dLYiZ6A4czGLAHKYtH8CJJ13-Vu342ByndywO_l-xIvA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 2ce0a36067c429ad081a3df9bdafd421 + - 3bc853e14f53f2feac3de26a599cc3c1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -531,19 +532,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18189 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19656 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18189","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189","key":"NTEST-1847","fields":{"statuscategorychangedate":"2025-04-30T18:25:02.089+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19656","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656","key":"NTEST-2984","fields":{"statuscategorychangedate":"2025-05-24T12:32:39.503+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:01.748+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:01.830+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:39.051+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010e7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:39.138+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/254]\n\n*Defect - Dojo link:* http://localhost:8080/finding/254 (254)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/289]\n\n*Defect + Dojo link:* http://localhost:8080/finding/289 (289)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/96]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -551,14 +552,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 011afd23-eded-4c61-b288-88f58217f082 + - d8bfc309-841a-47bc-9b31-2e7369f45bfc Atl-Traceid: - - 011afd23eded4c61b28888f58217f082 + - d8bfc309841a47bc9b312e7369f45bfc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -568,7 +569,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:03 GMT + - Sat, 24 May 2025 10:32:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
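Review bot: The re-recorded `creator` and `reporter` objects in this hunk commit the recording account's `emailAddress` and `accountId` verbatim, and the same values recur in the comment-response hunks at `-696` and `-846` and in the `X-Aaccountid` header of every headers hunk. Nothing visible in these responses suggests the tests depend on those values, so they could be rewritten at record time, for example with a vcrpy `before_record_response` hook that substitutes a fixed placeholder such as `jira-test@example.invalid` (constructed value). A stable placeholder would also keep these lines from changing whenever a different maintainer re-records the cassette. Whether the test harness already has a scrub hook that could be extended is not visible from this hunk.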
@@ -578,7 +579,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="pQTd1Kt0mY4_sRZ0ZcHUXekq5bMk50pqWwTX9kJWd4REb5ZCKFK6Rg==",cdn-downstream-fbl;dur=316,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=314,atl-edge;dur=230,atl-edge-internal;dur=17,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=245,atl-edge;dur=236,atl-edge-internal;dur=17,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-ejhj1Q9M1wYo1RsAyJdkPKoIlmkQQSnyYUsolcje3tKgflDhVkyFQ==",cdn-downstream-fbl;dur=249 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -588,15 +589,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 64d5385c423c2207e3680beec4636de8.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - pQTd1Kt0mY4_sRZ0ZcHUXekq5bMk50pqWwTX9kJWd4REb5ZCKFK6Rg== + - -ejhj1Q9M1wYo1RsAyJdkPKoIlmkQQSnyYUsolcje3tKgflDhVkyFQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b634b497aa536d0df10c65feb24a8008 + - eed463cfc5f0fb2afe9dae4977d9dfbc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -625,12 +626,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:03.435+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:40.422+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 098695c6-f543-4439-a696-e4151bd25e4e + - 51602401-be17-45fd-9128-e9b108752901 Atl-Traceid: - - 098695c6f5434439a696e4151bd25e4e + - 51602401be1745fd9128e9b108752901 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -640,7 +641,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:03 GMT + - Sat, 24 May 2025 10:32:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -650,7 +651,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=209,atl-edge;dur=176,atl-edge-internal;dur=17,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Fs9dnyDoqfEFiLgDnCO3LHDX0hRR0TK7kEtidJ9MEpjmp2o-iKfEhQ==",cdn-downstream-fbl;dur=212 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=107,atl-edge-internal;dur=18,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="YOB_Y9q9J2mPL2Lw87le0-280Fyp195yKtZjLSXtvL2eNDBauYigiQ==",cdn-downstream-fbl;dur=121 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -660,15 +661,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Fs9dnyDoqfEFiLgDnCO3LHDX0hRR0TK7kEtidJ9MEpjmp2o-iKfEhQ== + - YOB_Y9q9J2mPL2Lw87le0-280Fyp195yKtZjLSXtvL2eNDBauYigiQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b2669fdf7c8b41ed292ef6c4ae9d4d79 + - 71e2680d7d93e2fb196a4067062c46ae X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -696,18 +697,18 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment response: body: - string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment/11330","id":"11330","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): - testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:25:03.875+0200","updated":"2025-04-30T18:25:03.875+0200","jsdPublic":true}' + string: 
'{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment/11532","id":"11532","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): + testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:32:40.743+0200","updated":"2025-05-24T12:32:40.743+0200","jsdPublic":true}' headers: Atl-Request-Id: - - 71822a85-c906-4c17-8700-6b98bfffedf6 + - db19b366-381d-467c-aa2d-7722cb8c99a0 Atl-Traceid: - - 71822a85c9064c1787006b98bfffedf6 + - db19b366381d467caa2d7722cb8c99a0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -715,9 +716,9 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:04 GMT + - Sat, 24 May 2025 10:32:40 GMT Location: - - https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment/11330 + - https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment/11532 Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -727,7 +728,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="9JABk4IPc5etkRqU18HBUEzwr1Gx05lW_eAPU0LTSit0Qi-ULkrfZg==",cdn-downstream-fbl;dur=540,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=96,cdn-upstream-fbl;dur=538,atl-edge;dur=409,atl-edge-internal;dur=17,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=429,atl-edge;dur=421,atl-edge-internal;dur=17,atl-edge-upstream;dur=405,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rLso4gFisYiisAjCZvOwrO1G2_QQwfyOWbb61sVrUHC6oMvu43eSXQ==",cdn-downstream-fbl;dur=433 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -737,15 +738,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9JABk4IPc5etkRqU18HBUEzwr1Gx05lW_eAPU0LTSit0Qi-ULkrfZg== + - rLso4gFisYiisAjCZvOwrO1G2_QQwfyOWbb61sVrUHC6oMvu43eSXQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 01ef8adccc2e1bce4d68ecc461c179dd + - be21b61db32e95e1845cce59297b3fcd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -774,12 +775,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:04.339+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:41.144+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b137bde6-e1e8-4b0b-853d-77a0c0ade435 + - 6260693b-bb62-4430-bcbf-db35de50a1ca Atl-Traceid: - - b137bde6e1e84b0b853d77a0c0ade435 + - 6260693bbb624430bcbfdb35de50a1ca Cache-Control: - no-cache, no-store, no-transform Connection: @@ -789,7 +790,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:04 GMT + - Sat, 24 May 2025 10:32:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -799,7 +800,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=189,atl-edge;dur=157,atl-edge-internal;dur=14,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="kpaK978aK5fgk3i738rcXTtfeX1W_sqOiIgNYDs2sB8nz9CiVRU7nw==",cdn-downstream-fbl;dur=194 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=13,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uu6zgu03rjP4d1tr5IJ24la-z0BaHWJYd6Vhn0H2MMnaM5Lc8aydXQ==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -809,15 +810,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - kpaK978aK5fgk3i738rcXTtfeX1W_sqOiIgNYDs2sB8nz9CiVRU7nw== + - uu6zgu03rjP4d1tr5IJ24la-z0BaHWJYd6Vhn0H2MMnaM5Lc8aydXQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c7a7c4ab94b6d400ceb88a05e7befa06 + - 368f63fda694109a12cfc6345b1a9559 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -846,18 +847,18 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment response: body: - string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment/11331","id":"11331","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): - testing second note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:25:04.747+0200","updated":"2025-04-30T18:25:04.747+0200","jsdPublic":true}' + string: 
'{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment/11533","id":"11533","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): + testing second note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:32:41.395+0200","updated":"2025-05-24T12:32:41.395+0200","jsdPublic":true}' headers: Atl-Request-Id: - - 0ec19603-c8f7-4416-ac90-47154bf05f91 + - 68443b52-955a-49ca-b6e8-797cc301647f Atl-Traceid: - - 0ec19603c8f74416ac9047154bf05f91 + - 68443b52955a49cab6e8797cc301647f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -865,9 +866,9 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:04 GMT + - Sat, 24 May 2025 10:32:41 GMT Location: - - https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment/11331 + - https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment/11533 Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -877,7 +878,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="VMHdJSR9jGl2axGOXHz5m_VO9yGNlUigvW-l_5Dkl0hCrWhdkNUS6Q==",cdn-downstream-fbl;dur=452,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=449,atl-edge;dur=365,atl-edge-internal;dur=15,atl-edge-upstream;dur=350,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=360,atl-edge;dur=332,atl-edge-internal;dur=16,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tbNu06GnP5p95OERzuikQmELtCSiq1o5dC68Hz86x69Y7YvRbTVJ9Q==",cdn-downstream-fbl;dur=364 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -887,15 +888,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b6805b08a4af317938604723e3f3424a.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - VMHdJSR9jGl2axGOXHz5m_VO9yGNlUigvW-l_5Dkl0hCrWhdkNUS6Q== + - tbNu06GnP5p95OERzuikQmELtCSiq1o5dC68Hz86x69Y7YvRbTVJ9Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 9be3f2c428c329b0c16655977128b123 + - 65df324113dc6121e1bc84c1219b5448 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -924,12 +925,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:05.308+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:41.819+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2933ea28-8b53-4191-ac69-e6f2e15e0c46 + - 561503cc-9d21-40fe-a098-22fb4af2e1dd Atl-Traceid: - - 2933ea288b534191ac69e6f2e15e0c46 + - 561503cc9d2140fea09822fb4af2e1dd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -939,7 +940,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:05 GMT + - Sat, 24 May 2025 10:32:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -949,7 +950,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=168,atl-edge-internal;dur=14,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="T2tC1imiNzjCVAdyv6C-Qr8hQY5Qu4jLk9QyPT8Jvb-T8luM2NXUtA==",cdn-downstream-fbl;dur=205 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=127,atl-edge;dur=113,atl-edge-internal;dur=24,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6hj_nUOg9Vq9L7CGkQ53AFVgms_XUbZM3qBhdna_rAgpqkBOK3yOtQ==",cdn-downstream-fbl;dur=130 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -959,15 +960,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - T2tC1imiNzjCVAdyv6C-Qr8hQY5Qu4jLk9QyPT8Jvb-T8luM2NXUtA== + - 6hj_nUOg9Vq9L7CGkQ53AFVgms_XUbZM3qBhdna_rAgpqkBOK3yOtQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8405d96edb0462b6df87a4c3b90663db + - bb725b7b2e9c650b9b00a0e12b9bbc94 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -993,19 +994,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18189 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19656 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18189","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189","key":"NTEST-1847","fields":{"statuscategorychangedate":"2025-04-30T18:25:02.089+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19656","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656","key":"NTEST-2984","fields":{"statuscategorychangedate":"2025-05-24T12:32:39.503+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:01.748+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t0v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:04.747+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:39.051+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010e7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:41.395+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/254]\n\n*Defect - Dojo link:* http://localhost:8080/finding/254 (254)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/289]\n\n*Defect + Dojo link:* http://localhost:8080/finding/289 (289)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/96]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1013,20 +1014,20 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1847/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment/11330","id":"11330","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): - testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:25:03.875+0200","updated":"2025-04-30T18:25:03.875+0200","jsdPublic":true},{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment/11331","id":"11331","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar
.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): - testing second note. creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:25:04.747+0200","updated":"2025-04-30T18:25:04.747+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18189/comment","maxResults":2,"total":2,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2984/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment/11532","id":"11532","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): + testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:32:40.743+0200","updated":"2025-05-24T12:32:40.743+0200","jsdPublic":true},{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment/11533","id":"11533","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"((admin)): + testing second note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:32:41.395+0200","updated":"2025-05-24T12:32:41.395+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19656/comment","maxResults":2,"total":2,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f8ddbfd2-d8e3-4e30-b93b-79f722f9dd1f + - 72f1b6fb-ae18-4884-bea8-498024a1e6b9 Atl-Traceid: - - f8ddbfd2d8e34e30b93b79f722f9dd1f + - 72f1b6fbae184884bea8498024a1e6b9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1036,7 +1037,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:05 GMT + - Sat, 24 May 2025 10:32:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
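Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId` and gravatar avatar hash verbatim. The same account id recurs in the `X-Aaccountid` header of the neighbouring header hunks and in the other cassettes this commit touches. If these are vcrpy cassettes, as the `interactions:` layout suggests, consider scrubbing at record time: `filter_headers` for the header, and a `before_record_response` hook that swaps the author fields for fixed placeholders, provided the tests do not assert on them. That keeps personal identifiers out of the repository and stops every cassette from churning when a different maintainer re-records. The file is machine-recorded, so the change belongs in the VCR configuration, not in this file.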
@@ -1046,7 +1047,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="ucHToMM7VB6MwVWK3Q4_eoaJQwLxH5C9OjOkgsK6Pja_BzrEyy3szA==",cdn-downstream-fbl;dur=335,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=333,atl-edge;dur=259,atl-edge-internal;dur=18,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=225,atl-edge-internal;dur=16,atl-edge-upstream;dur=209,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DcF9B8COyUqfUw1ajfbgKmuliC-rttyM4kBPoNYBMFZ3enPLZKNp9g==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1056,15 +1057,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ucHToMM7VB6MwVWK3Q4_eoaJQwLxH5C9OjOkgsK6Pja_BzrEyy3szA== + - DcF9B8COyUqfUw1ajfbgKmuliC-rttyM4kBPoNYBMFZ3enPLZKNp9g== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 04115b78f39d67c3a1c6dc4d5ddbbf67 + - 4b29493944d805a742845cfcecdd8138 X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml index 7c1ac477ec6..efae9501238 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:06.285+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:42.492+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4e770015-6bee-4551-b898-dc1335a075e0 + - 8b7ceb9b-52f5-4c96-bbb9-f0559a5c77fa Atl-Traceid: - - 4e7700156bee4551b898dc1335a075e0 + - 8b7ceb9b52f54c96bbb9f0559a5c77fa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:06 GMT + - Sat, 24 May 2025 10:32:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="JLqzFwViCXKELXa6jtpZxdlt5dZEo5mPpMX8eGV0cXCWU63Hb2DMCA==",cdn-downstream-fbl;dur=261,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=258,atl-edge;dur=180,atl-edge-internal;dur=15,atl-edge-upstream;dur=166,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=105,atl-edge;dur=98,atl-edge-internal;dur=14,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="yEUTWhSqLho-68BPRIJfwZTbRm0zLLlZBtkt3ijeqoqMYIC3EjJa9Q==",cdn-downstream-fbl;dur=109 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 41e9e91568ab5e34cd26bd32ceb4035e.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JLqzFwViCXKELXa6jtpZxdlt5dZEo5mPpMX8eGV0cXCWU63Hb2DMCA== + - yEUTWhSqLho-68BPRIJfwZTbRm0zLLlZBtkt3ijeqoqMYIC3EjJa9Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b0fe46b92f0dd60621b3506518034a19 + - 7eda89e064906b3d0ff46e27df193880 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e5937a24-434d-4c54-8135-bded0efed76a + - 506593d4-1e35-44a1-b9f8-da716b87c088 Atl-Traceid: - - e5937a24434d4c548135bded0efed76a + - 506593d41e3544a1b9f8da716b87c088 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:06 GMT + - Sat, 24 May 2025 10:32:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=339,atl-edge;dur=306,atl-edge-internal;dur=17,atl-edge-upstream;dur=289,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="lv53L0U7T69YwlhcOA19GsI0fUWzzdSVKNTDtgHAcE3hN3S5eamf9g==",cdn-downstream-fbl;dur=343 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="X5_XsBmjLGvyiqNFd09egWqna-k5QAzxEIK2Uo9dZVvfgyuWLH8Q0Q==",cdn-downstream-fbl;dur=329,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=327,atl-edge;dur=295,atl-edge-internal;dur=18,atl-edge-upstream;dur=280,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - lv53L0U7T69YwlhcOA19GsI0fUWzzdSVKNTDtgHAcE3hN3S5eamf9g== + - X5_XsBmjLGvyiqNFd09egWqna-k5QAzxEIK2Uo9dZVvfgyuWLH8Q0Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 58a03fe735b0843025dcaec6f99a13f4 + - 904498294f39f30b614669fa3e0bd063 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
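Review bot: The request body recorded in this hunk pins the new description text `Findings matching the Active, and Severity criteria:`, where the comma before `and` reads like a leftover from a criteria list with one item omitted. It is followed by a `Findings *not* matching the Active, and Severity criteria:` table header with no rows under it. Both come from the group description template, which is outside this hunk, so this is inferred from the rendered output only. Consider joining the criteria so that two items render as `Active and Severity`, and wrapping the second table in a Django `{% if %}` on the non-matching list so that an empty table is not pushed to Jira. The cassette would then need re-recording, since the same text is echoed in the response bodies of the later hunks.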
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3332' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18191","key":"NTEST-1848","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191"}' + string: '{"id":"19657","key":"NTEST-2985","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657"}' headers: Atl-Request-Id: - - 3c5d260b-9e6f-4727-b59d-4a90d9252c33 + - 171e15c8-ed6e-4de0-a2ce-72b7e91c2db8 Atl-Traceid: - - 3c5d260b9e6f4727b59d4a90d9252c33 + - 171e15c8ed6e4de0a2ce72b7e91c2db8 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:07 GMT + - Sat, 24 May 2025 10:32:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="qKUER7NM5XHYDpqjuNOl8CA7aSI8CSWrweCfJqwqn2stSAgy0b8PVQ==",cdn-downstream-fbl;dur=834,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=831,atl-edge;dur=741,atl-edge-internal;dur=17,atl-edge-upstream;dur=724,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=719,atl-edge;dur=711,atl-edge-internal;dur=16,atl-edge-upstream;dur=696,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A1qsp1GD37LwH9_KZhnFdfvJFvOyqLdEelzrXwdhQasK3hA8rBpUjw==",cdn-downstream-fbl;dur=723 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 41e9e91568ab5e34cd26bd32ceb4035e.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qKUER7NM5XHYDpqjuNOl8CA7aSI8CSWrweCfJqwqn2stSAgy0b8PVQ== + - A1qsp1GD37LwH9_KZhnFdfvJFvOyqLdEelzrXwdhQasK3hA8rBpUjw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 47ac7e7ef5748875695e10fe2b9d3fc3 + - ec38b8c35de3ef66e2f12a39346da420 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:07.743+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:43.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:07.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:43.415+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 20f151d3-9f90-461a-9e9e-bd4af4c1b041 + - 1da2924b-c462-4141-80f1-fb3d086d61a2 Atl-Traceid: - - 20f151d39f90461a9e9ebd4af4c1b041 + - 1da2924bc462414180f1fb3d086d61a2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:08 GMT + - Sat, 24 May 2025 10:32:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
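Review bot: The re-recorded response body in the `@@ -319,14 +321,14 @@` hunk commits the recording user's Atlassian `accountId`, `emailAddress` and `displayName` in both `creator` and `reporter`, and the `X-Aaccountid` header in the neighbouring hunks carries the same id. The previous recording held the same kind of data for another account, so every re-record publishes one more maintainer's identifiers in the repository. If these cassettes are produced with vcrpy, a `before_record_response` hook that rewrites those fields to fixed placeholders (for example `"emailAddress":"jira-test@example.invalid"`, a constructed value) would remove the personal data and make future re-records diff much smaller. It is also worth confirming that the request `Authorization` header is filtered at record time, which these hunks do not show. The same body is repeated in the `@@ -433,14 +436,14 @@` hunk, which continues past the visible part.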
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=355,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0CX5eePW_bcOu3LxBDAn62ozTTg3KI3qSDPOQyyemHY_wBlH_sVtng==",cdn-downstream-fbl;dur=359 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=231,atl-edge-internal;dur=17,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="I3DPnTZq0u_2zT-WtnzfJ6Qu_r4jDE2l4UuKfbFJP5g9RaEoyODAtg==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0CX5eePW_bcOu3LxBDAn62ozTTg3KI3qSDPOQyyemHY_wBlH_sVtng== + - I3DPnTZq0u_2zT-WtnzfJ6Qu_r4jDE2l4UuKfbFJP5g9RaEoyODAtg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ff2115f6a9d1980db03e88a13fdb5a06 + - ab8b81d71dd2dc35746048fd09be8bbb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:07.743+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:43.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:07.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:43.415+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - eece372d-82eb-47c4-bea7-2139547784a4 + - bfe994b1-ef64-4be9-b4d4-2478dd285397 Atl-Traceid: - - eece372d82eb47c4bea72139547784a4 + - bfe994b1ef644be9b4d42478dd285397 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:08 GMT + - Sat, 24 May 2025 10:32:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
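Review bot: The re-recorded response body in the `@@ -433,14 +436,14 @@` hunk stores the recording account's `emailAddress` and `accountId` under both `creator` and `reporter`, and the later hunks repeat the same account id in the `X-Aaccountid` response header. The tests presumably do not depend on these values, so they could be replaced with a fixed placeholder at record time. If this is a vcrpy cassette, as the layout suggests, a `before_record_response` hook is the place to do it, and it would also stop each re-recording from churning these lines. Whether the request `Authorization` header is already filtered is not visible in this part of the diff and is worth confirming. Since the file is a generated recording, the change belongs in the recording configuration rather than in hand edits to this file.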
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="bpMXImTxCT5acMd84e0CtYQXi2wTRz6O42lmNN1RzsqJKDwOFg2hJg==",cdn-downstream-fbl;dur=362,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=359,atl-edge;dur=280,atl-edge-internal;dur=16,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=211,atl-edge;dur=204,atl-edge-internal;dur=23,atl-edge-upstream;dur=181,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Vxah-6qOGj90-f1ItyhV4qGCRTpZqTPDcHhFnjH1wJbvXZC7TND7lQ==",cdn-downstream-fbl;dur=216 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bbfdc39b99d2b072cca90c3f38450aea.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - bpMXImTxCT5acMd84e0CtYQXi2wTRz6O42lmNN1RzsqJKDwOFg2hJg== + - Vxah-6qOGj90-f1ItyhV4qGCRTpZqTPDcHhFnjH1wJbvXZC7TND7lQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - ca8f22b5e5005f4a20300d68bca5b165 + - 7bb6bc5eb7e0ceb143ca7c6e51197e56 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:09.099+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:44.563+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 96d30bbf-00ba-4a72-8b4d-2e7cc26ce018 + - 7aa54057-fe92-45af-9d98-14851b00216d Atl-Traceid: - - 96d30bbf00ba4a728b4d2e7cc26ce018 + - 7aa54057fe9245af9d9814851b00216d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:09 GMT + - Sat, 24 May 2025 10:32:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="4X1eaXLPO0KWdY_5fRkhOW8b0X7Dka1v0fzwQx56Ml97fFRw6_d1gQ==",cdn-downstream-fbl;dur=249,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=246,atl-edge;dur=159,atl-edge-internal;dur=13,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=120,atl-edge;dur=112,atl-edge-internal;dur=15,atl-edge-upstream;dur=98,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HEkp-3LVuBmS_zc5ZUwHyco8AbHyv-Fnt0c7R4i6an6Yr1jU99aI9g==",cdn-downstream-fbl;dur=124 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4X1eaXLPO0KWdY_5fRkhOW8b0X7Dka1v0fzwQx56Ml97fFRw6_d1gQ== + - HEkp-3LVuBmS_zc5ZUwHyco8AbHyv-Fnt0c7R4i6an6Yr1jU99aI9g== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - a18fc8a84398461ffbc9d3c22e6822cb + - ef56006a63a98b3027482c23c64edfb3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 76bc4e6f-bfce-4c55-a538-08034da8f661 + - f8b3c4ad-3bd2-49bc-8e5d-3ba90e259a21 Atl-Traceid: - - 76bc4e6fbfce4c55a53808034da8f661 + - f8b3c4ad3bd249bc8e5d3ba90e259a21 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:09 GMT + - Sat, 24 May 2025 10:32:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=291,atl-edge-internal;dur=20,atl-edge-upstream;dur=271,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="XCS-YIzcdg-z4vuVPe6Hm74LskynSQH073XTFQ2sMQysFMFFFeuMdA==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=302,atl-edge-internal;dur=16,atl-edge-upstream;dur=287,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HyYbASngiqGupICliBXehphJTXP-RAZRoKyb4uIFZqManhMt-fF_7w==",cdn-downstream-fbl;dur=314 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aa3674a12327640af71c59263be8ffc6.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - XCS-YIzcdg-z4vuVPe6Hm74LskynSQH073XTFQ2sMQysFMFFFeuMdA== + - HyYbASngiqGupICliBXehphJTXP-RAZRoKyb4uIFZqManhMt-fF_7w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6b969086005787be68b94222f4638c03 + - 6d267b29388ad341951c86d959b5fea0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,29 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] - | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -690,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* http://localhost:8080/finding/258 - (258)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect Dojo link:* http://localhost:8080/finding/295 + (295)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -721,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -733,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6802' + - '6981' Content-Type: - application/json User-Agent: @@ -742,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18193","key":"NTEST-1849","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193"}' + string: '{"id":"19658","key":"NTEST-2986","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658"}' headers: Atl-Request-Id: - - e4dffc46-4f11-4d6a-b146-0fb8b2ffe71e + - 21a9cb3c-5e26-4f86-a7a8-cbea22ff6a6c Atl-Traceid: - - e4dffc464f114d6ab1460fb8b2ffe71e + - 21a9cb3c5e264f86a7a8cbea22ff6a6c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -755,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:10 GMT + - Sat, 24 May 2025 10:32:45 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -765,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=793,atl-edge;dur=759,atl-edge-internal;dur=21,atl-edge-upstream;dur=739,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="q7LTY_BpL-9HaAc2OsedoZwLRYUEeFh5siJOk9zn7paeZ-8rtRyKqQ==",cdn-downstream-fbl;dur=798 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=725,atl-edge-internal;dur=16,atl-edge-upstream;dur=709,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qkdrGM5OdRWisxIdwVUqJTwVEdjZaFoCG08zxiznY12o_s7kgmtJuw==",cdn-downstream-fbl;dur=737 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -775,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - q7LTY_BpL-9HaAc2OsedoZwLRYUEeFh5siJOk9zn7paeZ-8rtRyKqQ== + - qkdrGM5OdRWisxIdwVUqJTwVEdjZaFoCG08zxiznY12o_s7kgmtJuw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ba2194e12848f40a04ebec0be883ca52 + - 288aaee26d4dbb9714f9565334096416 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -809,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:10.376+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:45.768+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:10.150+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:45.520+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -864,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -896,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 30ba3c06-e0b0-43a9-9216-149fec58aaf7 + - 9816b64a-1658-4a5a-b3ed-11d4cb8ce420 Atl-Traceid: - - 30ba3c06e0b043a99216149fec58aaf7 + - 9816b64a16584a5ab3ed11d4cb8ce420 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -915,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:11 GMT + - Sat, 24 May 2025 10:32:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
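Review bot: The re-recorded response body in this hunk commits a real account's `emailAddress` and `accountId` in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the later header hunks repeats the same ID; the hunk at `@@ -1056,16 +1063,16 @@` has the same content. If this file is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook that rewrites these fields would keep personal identifiers out of the repository. It would also stop every re-recording by a different maintainer from churning these lines. A constructed placeholder such as `"emailAddress":"user@example.invalid"` should be enough unless a test asserts on the value, which is not visible here. The recorded body string starts outside this hunk.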
@@ -925,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="JYXlXd17_pTAmaGCkZnGncfzPJYb_H7xXXLV08rBcBfF98wCKXKtiQ==",cdn-downstream-fbl;dur=366,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=358,atl-edge;dur=273,atl-edge-internal;dur=15,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=246,atl-edge;dur=239,atl-edge-internal;dur=16,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2ctVPhZ70l8ZUPQq0iqdKxVYqPufcV0aWc5Dp7b6g0n31eMnUGuRyQ==",cdn-downstream-fbl;dur=249 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -935,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 595c26368a4c8eede29e4b5da7206efc.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JYXlXd17_pTAmaGCkZnGncfzPJYb_H7xXXLV08rBcBfF98wCKXKtiQ== + - 2ctVPhZ70l8ZUPQq0iqdKxVYqPufcV0aWc5Dp7b6g0n31eMnUGuRyQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 231a7183c9390190e5f025edb1ce70a7 + - d24c1fbd43cdb19683de4467d7fce3fe X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -969,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:10.376+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:45.768+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:10.150+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:45.520+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1024,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1056,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 48b1180a-f90b-4e52-bdb0-23fa73fa1acd + - 6484acbe-c652-40ff-98c2-dd9366b41542 Atl-Traceid: - - 48b1180af90b4e52bdb023fa73fa1acd + - 6484acbec65240ff98c2dd9366b41542 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1075,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:11 GMT + - Sat, 24 May 2025 10:32:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1085,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=256,atl-edge-internal;dur=16,atl-edge-upstream;dur=241,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JNZi507_PLCglddjlRMVlPQBXZl1Y2JNeNF_3e-DxjPbqvE2lFQQxg==",cdn-downstream-fbl;dur=294 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=251,atl-edge-internal;dur=28,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="G5a_NY1Nbv8cjJWS6Dq4Uk0ladBkmRIx_sGiX2TftKaGAMn1Y1iyLA==",cdn-downstream-fbl;dur=263 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1095,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JNZi507_PLCglddjlRMVlPQBXZl1Y2JNeNF_3e-DxjPbqvE2lFQQxg== + - G5a_NY1Nbv8cjJWS6Dq4Uk0ladBkmRIx_sGiX2TftKaGAMn1Y1iyLA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d1985f1897e4d6e72fcf5045cd713a03 + - 0636250464db62a3f3db69f6ec76cbb3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1132,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:11.745+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:46.706+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e0a20f83-3d2f-41e2-9492-86a9dcff3fd7 + - fe0cce79-ff61-42a5-9c5e-67d9f50cf152 Atl-Traceid: - - e0a20f833d2f41e2949286a9dcff3fd7 + - fe0cce79ff6142a59c5e67d9f50cf152 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1147,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:11 GMT + - Sat, 24 May 2025 10:32:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1157,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=199,atl-edge;dur=166,atl-edge-internal;dur=13,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="R4oAvb4IvXFK4-SQwETf5-JQ8-FaSEMy9lb77848XB1gJIfCP2yZjg==",cdn-downstream-fbl;dur=204 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=16,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="di01vUgZ7oSspvTfn3FfzYECnQu8Cb47sRoSJaeED1zX7NXyZGxnaA==",cdn-downstream-fbl;dur=118 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1167,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - R4oAvb4IvXFK4-SQwETf5-JQ8-FaSEMy9lb77848XB1gJIfCP2yZjg== + - di01vUgZ7oSspvTfn3FfzYECnQu8Cb47sRoSJaeED1zX7NXyZGxnaA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ec6cae3195ccf9fb78e7ffe9325816c0 + - 1a6c55739fe02541d0300d2e1bf3145d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1213,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - fa4896d6-e80f-4ba4-aadd-82961a0cd619 + - 875bb0b4-0e95-40bf-9dae-de15b94156f3 Atl-Traceid: - - fa4896d6e80f4ba4aadd82961a0cd619 + - 875bb0b40e9540bf9daede15b94156f3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1225,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:12 GMT + - Sat, 24 May 2025 10:32:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1235,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="2-_97sOcBeob_emLowXbGK6-WljII0z-NCUbki2qU4_hZj7IRZaL2A==",cdn-downstream-fbl;dur=368,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=365,atl-edge;dur=278,atl-edge-internal;dur=17,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=259,atl-edge-internal;dur=16,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Q1cdkkbpNpB3W2uVVV8c0i25KLABxIMyf9AUku4B6Gtrsyrf0x0WmQ==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1245,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f4931915c262d78fa3e94b48faa4f55a.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2-_97sOcBeob_emLowXbGK6-WljII0z-NCUbki2qU4_hZj7IRZaL2A== + - Q1cdkkbpNpB3W2uVVV8c0i25KLABxIMyf9AUku4B6Gtrsyrf0x0WmQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 9d0bb0901e4eab565635f3a65e9fe15a + - 7e9f12b2dcd9c7a1f75d57339bec5ce6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1270,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1287,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1298,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1943' + - '2139' Content-Type: - application/json User-Agent: @@ -1307,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18195","key":"NTEST-1850","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195"}' + string: '{"id":"19659","key":"NTEST-2987","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659"}' headers: Atl-Request-Id: - - 2fe94f64-0cbb-42bb-b846-1ac1a3fe9723 + - 6af21b20-7b77-46d8-9c78-aa8caddacaaf Atl-Traceid: - - 2fe94f640cbb42bbb8461ac1a3fe9723 + - 6af21b207b7746d89c78aa8caddacaaf Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1320,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:13 GMT + - Sat, 24 May 2025 10:32:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1330,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=840,atl-edge;dur=807,atl-edge-internal;dur=16,atl-edge-upstream;dur=791,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="fmku7p53dHCtaNnPh_uEMi2Ou0nbdt4ROy5kkW5694CGpyTfB1aOqQ==",cdn-downstream-fbl;dur=845 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=689,atl-edge;dur=682,atl-edge-internal;dur=15,atl-edge-upstream;dur=666,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="NXsSjZzmw7MVs4F8CKYQe_MJBjUvGYK-VgSVBGHl7Hv_-tlHxIn1Hg==",cdn-downstream-fbl;dur=692 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1340,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fmku7p53dHCtaNnPh_uEMi2Ou0nbdt4ROy5kkW5694CGpyTfB1aOqQ== + - NXsSjZzmw7MVs4F8CKYQe_MJBjUvGYK-VgSVBGHl7Hv_-tlHxIn1Hg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - bb93cdc32a573e22143f18e9f296821f + - eb0660e378a56c6cc901dfddbd0a57ac X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1374,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18195","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195","key":"NTEST-1850","fields":{"statuscategorychangedate":"2025-04-30T18:25:13.029+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19659","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659","key":"NTEST-2987","fields":{"statuscategorychangedate":"2025-05-24T12:32:47.782+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:12.710+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:12.797+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:47.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:47.516+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1401,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3912e53e-9db0-4e82-8560-8a9352466830 + - 000db031-b068-46d6-9030-49c68f8df78f Atl-Traceid: - - 3912e53e9db04e8285608a9352466830 + - 000db031b06846d6903049c68f8df78f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1418,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:13 GMT + - Sat, 24 May 2025 10:32:48 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
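Review bot: The re-recorded issue response in the `@@ -1401,14 +1412,14 @@` hunk commits the recording user's `emailAddress`, `displayName`, `accountId` and gravatar avatar URL into the fixture under `creator` and `reporter`. The `X-Aaccountid` response header in the neighbouring hunks carries the same account id. None of these values appear to be needed for replay, so they could be replaced with fixed placeholders at record time. If the cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites those body fields and drops `X-Aaccountid` would do it, and would also stop each re-recording from changing these lines only because a different person ran the tests. The same body is repeated in the `@@ -1499,14 +1512,14 @@` hunk, which continues past the visible part of the diff.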
@@ -1428,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=277,atl-edge;dur=244,atl-edge-internal;dur=16,atl-edge-upstream;dur=228,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="X941HcQUDQIry_gVVM9iLxjNRN1pvlcLSwnMLnd5VdC4uPmcR7EA0g==",cdn-downstream-fbl;dur=281 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=228,atl-edge;dur=221,atl-edge-internal;dur=19,atl-edge-upstream;dur=202,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="D6lLiCKYJmscehQEI4iwDoo-03A3JdbvvvbIuiX9sQLSXwQ0ZdbT4w==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1438,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - X941HcQUDQIry_gVVM9iLxjNRN1pvlcLSwnMLnd5VdC4uPmcR7EA0g== + - D6lLiCKYJmscehQEI4iwDoo-03A3JdbvvvbIuiX9sQLSXwQ0ZdbT4w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 82d4c7fa4d2e0d8b944b077a1e5b6978 + - 4e7e076f4f873203461148ff4bc8091b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1472,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18195","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195","key":"NTEST-1850","fields":{"statuscategorychangedate":"2025-04-30T18:25:13.029+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19659","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659","key":"NTEST-2987","fields":{"statuscategorychangedate":"2025-05-24T12:32:47.782+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:12.710+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:12.797+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:47.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:47.516+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1499,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - bb7913f3-db37-4333-b17c-d7511e8a71a9 + - c7303887-6dc1-4ef4-b580-295d41e20775 Atl-Traceid: - - bb7913f3db374333b17cd7511e8a71a9 + - c73038876dc14ef4b580295d41e20775 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1516,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:14 GMT + - Sat, 24 May 2025 10:32:48 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
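Review bot: The re-recorded Jira response body in this hunk commits the recording user's `emailAddress`, `displayName`, `accountId` and gravatar hash in both the `creator` and `reporter` objects. The same account id is also stored in the `X-Aaccountid` header in the `@@ -1536,15 +1549,15 @@` and `@@ -1838,15 +1853,15 @@` hunks. The webhook interactions already show a masked `Auth` value (`Token xxx`), so some scrubbing appears to exist for request headers, but nothing visible here covers response bodies or response headers. Consider filtering these fields at record time (if this is a vcrpy cassette, a `before_record_response` hook can do it), storing a constructed placeholder such as `"emailAddress":"redacted@example.invalid"` and dropping `X-Aaccountid`. That would keep maintainer identities out of the repository and remove the churn every time a different person re-records.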
@@ -1526,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=304,atl-edge;dur=272,atl-edge-internal;dur=15,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="_8kh1X9bQK7UECzs4cD0lqaFtZJ4KYmyuayqta3Gpb8d-H58D6ox_w==",cdn-downstream-fbl;dur=308 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=194,atl-edge-internal;dur=19,atl-edge-upstream;dur=176,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SIeB-sbfC1fywYHdlRU1JQsFICPgzK_DJ42IrtL-H-tp5rpMWah8Zw==",cdn-downstream-fbl;dur=206 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1536,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _8kh1X9bQK7UECzs4cD0lqaFtZJ4KYmyuayqta3Gpb8d-H58D6ox_w== + - SIeB-sbfC1fywYHdlRU1JQsFICPgzK_DJ42IrtL-H-tp5rpMWah8Zw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 332b06364da28403326ee9154f40c0b0 + - 5236761d2149ff08cb6ce8e3659377f7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1557,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/", + "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 97, "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/"}}' + 104, "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/"}}' headers: Accept: - application/json @@ -1575,11 +1588,11 @@ interactions: Connection: - keep-alive Content-Length: - - '844' + - '849' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1591,24 +1604,24 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:37872\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:42498\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/97/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/104/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 97, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/97/\\\"}}\",\n \"files\": + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 104, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1618,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 97,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n - \ \"url_ui\": \"http://localhost:8080/test/97\"\n },\n \"title\": + 104,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n + \ \"url_ui\": \"http://localhost:8080/test/104\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n \"url_ui\": - \"http://localhost:8080/test/97\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n \"url_ui\": + \"http://localhost:8080/test/104\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1631,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:14 GMT + - Sat, 24 May 2025 10:32:46 GMT Transfer-Encoding: - chunked status: 
@@ -1640,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/", + null, "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 97, "url_ui": "http://localhost:8080/test/97", "url_api": "http://localhost:8080/api/v2/tests/97/"}, - "finding_count": 5, "findings": {"new": [{"id": 256, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/256", - "url_api": "http://localhost:8080/api/v2/findings/256/"}, {"id": 257, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/257", "url_api": "http://localhost:8080/api/v2/findings/257/"}, - {"id": 258, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/258", - "url_api": "http://localhost:8080/api/v2/findings/258/"}, {"id": 259, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/259", "url_api": "http://localhost:8080/api/v2/findings/259/"}, - {"id": 260, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/260", - "url_api": "http://localhost:8080/api/v2/findings/260/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 104, "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/"}, + "finding_count": 5, "findings": {"new": [{"id": 292, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/292", + "url_api": "http://localhost:8080/api/v2/findings/292/"}, {"id": 293, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/293", "url_api": + "http://localhost:8080/api/v2/findings/293/"}, {"id": 291, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/291", "url_api": "http://localhost:8080/api/v2/findings/291/"}, + {"id": 294, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/294", "url_api": + "http://localhost:8080/api/v2/findings/294/"}, {"id": 295, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/295", "url_api": + "http://localhost:8080/api/v2/findings/295/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1676,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2367' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1692,84 +1706,85 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2367\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:37876\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:42508\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/97/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 97, \\\"url_ui\\\": \\\"http://localhost:8080/test/97\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/97/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 256, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 104, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 292, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/256\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/256/\\\"}, {\\\"id\\\": 257, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/257\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/257/\\\"}, {\\\"id\\\": - 258, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/258\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/258/\\\"}, {\\\"id\\\": 259, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/259\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/259/\\\"}, {\\\"id\\\": 260, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/292\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/292/\\\"}, {\\\"id\\\": 293, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/260\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/260/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/293\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/293/\\\"}, + {\\\"id\\\": 291, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/291\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/291/\\\"}, + {\\\"id\\\": 294, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/294\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/294/\\\"}, + {\\\"id\\\": 295, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/295\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/295/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 256,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 292,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/292/\",\n \"url_ui\": \"http://localhost:8080/finding/292\"\n + \ },\n {\n \"id\": 293,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/293/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/293\"\n },\n + \ {\n \"id\": 291,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/256/\",\n \"url_ui\": \"http://localhost:8080/finding/256\"\n - \ },\n {\n \"id\": 257,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/257/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/257\"\n },\n - \ {\n \"id\": 258,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/258/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/258\"\n },\n - \ {\n \"id\": 259,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/259/\",\n \"url_ui\": \"http://localhost:8080/finding/259\"\n - \ },\n {\n \"id\": 260,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/260/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/260\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/291/\",\n \"url_ui\": \"http://localhost:8080/finding/291\"\n + \ },\n {\n \"id\": 294,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/294/\",\n \"url_ui\": + \"http://localhost:8080/finding/294\"\n },\n {\n \"id\": + 295,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/295/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/295\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 97,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n - \ \"url_ui\": \"http://localhost:8080/test/97\"\n },\n \"title\": + 104,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n + \ \"url_ui\": \"http://localhost:8080/test/104\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/97/\",\n - \ \"url_ui\": \"http://localhost:8080/test/97\",\n \"user\": null\n }\n}\n" + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n + \ \"url_ui\": \"http://localhost:8080/test/104\",\n \"user\": null\n + \ }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1778,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:14 GMT + - Sat, 24 May 2025 10:32:46 GMT Transfer-Encoding: - chunked status: 
@@ -1803,12 +1818,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:14.452+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:48.768+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a9bbe70f-85a5-42c2-9bb6-20592407dd6c + - c76cb2b1-0145-45d3-8493-179574767ec7 Atl-Traceid: - - a9bbe70f85a542c29bb620592407dd6c + - c76cb2b1014545d38493179574767ec7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1818,7 +1833,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:14 GMT + - Sat, 24 May 2025 10:32:48 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1828,7 +1843,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="r9cKqQi37pSpdWIxBdsmO-bevZY__0HfX1F67B68oKtdfs3qqM4ppw==",cdn-downstream-fbl;dur=242,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=240,atl-edge;dur=167,atl-edge-internal;dur=15,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=99,atl-edge-internal;dur=14,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DybEwp8lrOnQ3vTOwl6yC7dvG084F77MHGqtSiWd_kUZxLX2--vOLQ==",cdn-downstream-fbl;dur=110 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1838,15 +1853,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - r9cKqQi37pSpdWIxBdsmO-bevZY__0HfX1F67B68oKtdfs3qqM4ppw== + - DybEwp8lrOnQ3vTOwl6yC7dvG084F77MHGqtSiWd_kUZxLX2--vOLQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 21f5943150930d1ebcf0ea23afd9fde8 + - 6d7f14ff04f9e411765cf2c13f211c68 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1872,28 +1887,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:07.743+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:43.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:07.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:43.415+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1903,9 +1919,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1915,14 +1931,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e2fcadfb-97de-4a72-936d-31c231fbee13 + - 8baa060f-90b9-4528-8d9c-893e3a433ad1 Atl-Traceid: - - e2fcadfb97de4a72936d31c231fbee13 + - 8baa060f90b945288d9c893e3a433ad1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1932,7 +1948,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:14 GMT + - Sat, 24 May 2025 10:32:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
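Review bot: The re-recorded `GET /rest/api/2/issue/19657` response body in this hunk commits the recording user's `emailAddress`, `accountId`, `displayName` and gravatar hash verbatim, in both the `creator` and `reporter` objects. The `X-Aaccountid` response header in the neighbouring header hunks carries the same account id. Nothing visible here suggests a test depends on those values, so they could be replaced with fixed placeholders at record time, which would also stop them changing whenever a different maintainer re-records. If these cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites `emailAddress`/`accountId` in the body and drops `X-Aaccountid` would do it. The same values recur in the second copy of this response further down the file.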
@@ -1942,7 +1958,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=301,atl-edge;dur=268,atl-edge-internal;dur=16,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="-RNS25MXiLoUTO5DUAZFvC43cikladAM24mi4-ixxqGWIJZ1kLK_EQ==",cdn-downstream-fbl;dur=304 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=230,atl-edge-internal;dur=15,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="einOInktVcXdEwWV6yeS90Ak7fhYGnG2IYJJTi8367vW1rrMDRc-7Q==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1952,15 +1968,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -RNS25MXiLoUTO5DUAZFvC43cikladAM24mi4-ixxqGWIJZ1kLK_EQ== + - einOInktVcXdEwWV6yeS90Ak7fhYGnG2IYJJTi8367vW1rrMDRc-7Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 79aab7bd8979a37710097aee89efd909 + - 8d375c8a0f8e30bb612a526fcd0528d6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1989,12 +2005,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:15.404+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:49.563+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4b4e15b7-1980-4e59-9e49-5e930de7d574 + - fc01ea8e-d8da-4572-b9f7-afb86f04dabe Atl-Traceid: - - 4b4e15b719804e599e495e930de7d574 + - fc01ea8ed8da4572b9f7afb86f04dabe Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2004,7 +2020,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:15 GMT + - Sat, 24 May 2025 10:32:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2014,7 +2030,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="uldF8UCP8TNkipEi5MC-S7Dh9I2Tk1JaWNKa7malTuxrMfQYVQlVXw==",cdn-downstream-fbl;dur=248,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=245,atl-edge;dur=161,atl-edge-internal;dur=13,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=14,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kp7v1ZVdrOxeRj-Cj-PfaVtTJnr9vSpguzjztFyKJ7nxOwsEBD9H-g==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2024,15 +2040,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8dac9acbf37a4821f35529f7cc336eba.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - uldF8UCP8TNkipEi5MC-S7Dh9I2Tk1JaWNKa7malTuxrMfQYVQlVXw== + - kp7v1ZVdrOxeRj-Cj-PfaVtTJnr9vSpguzjztFyKJ7nxOwsEBD9H-g== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 664de2b4d66e801647c1e0de8cd2be92 + - 11b64c66d57a275a6f3fa58626dd2f75 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2058,28 +2074,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:07.743+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:43.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:07.506+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:43.415+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2089,9 +2106,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2101,14 +2118,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1a845ab5-7182-412a-bf34-64b54c1e448e + - b7345a24-de44-491a-bfc1-e847ddda3af4 Atl-Traceid: - - 1a845ab57182412abf3464b54c1e448e + - b7345a24de44491abfc1e847ddda3af4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2118,7 +2135,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:15 GMT + - Sat, 24 May 2025 10:32:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
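Review bot: The re-recorded response body in this hunk commits a real Atlassian `accountId` and `emailAddress` in the `creator` and `reporter` objects, and the same account id recurs in the `X-Aaccountid` response header of the following header hunks and in the GET response at `@@ -2404,14 +2421,14 @@`. The values replaced the previous recorder's identifiers, so every re-recording swaps one person's data for another's, and the tests presumably do not depend on them. I would scrub these fields at record time, for example with a vcrpy `before_record_response=scrub_identities` hook (hook name constructed here) that rewrites them to fixed placeholders such as `"emailAddress":"user@example.invalid"`. The cassette configuration is not visible in this diff, so also confirm that request `Authorization` headers are filtered; none appear in the recorded request headers shown here.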
@@ -2128,7 +2145,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="-mWUeBOkl9aymAzsngqL2mJc8w5P-ivgxREMUM6VQ3daRm0TFfM2dA==",cdn-downstream-fbl;dur=381,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=379,atl-edge;dur=292,atl-edge-internal;dur=15,atl-edge-upstream;dur=277,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=242,atl-edge;dur=234,atl-edge-internal;dur=15,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CK4_NVUZ0PinhxVxcYDm4ZOhd5OUQRPAUKblhy-3Y7_cMziebAuz4A==",cdn-downstream-fbl;dur=245 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2138,15 +2155,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -mWUeBOkl9aymAzsngqL2mJc8w5P-ivgxREMUM6VQ3daRm0TFfM2dA== + - CK4_NVUZ0PinhxVxcYDm4ZOhd5OUQRPAUKblhy-3Y7_cMziebAuz4A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 7817a5d0925db3b330a404bb170a1043 + - baea1c405cf998e8a88184e262b7cb40 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2184,9 +2201,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b7684974-065d-4c06-b08f-e3016241e053 + - 47afe3ab-433a-4f16-ac1e-0df1bc301c0d Atl-Traceid: - - b7684974065d4c06b08fe3016241e053 + - 47afe3ab433a4f16ac1e0df1bc301c0d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2196,7 +2213,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:16 GMT + - Sat, 24 May 2025 10:32:50 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2206,7 +2223,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="etMx3-2yxOVJjC5W0yqXDS4u1l8-4dL537M5pzmS7ABc9-3lq_iDvw==",cdn-downstream-fbl;dur=355,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=352,atl-edge;dur=276,atl-edge-internal;dur=15,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=287,atl-edge;dur=280,atl-edge-internal;dur=17,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OJBJMMo7vgurDUsbchJLYOWzUIe62QfAB6iy8fgy7nz-c40RjA0vwg==",cdn-downstream-fbl;dur=291 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2216,18 +2233,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2bdfafaaaec33c116889588ecd9de280.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - etMx3-2yxOVJjC5W0yqXDS4u1l8-4dL537M5pzmS7ABc9-3lq_iDvw== + - OJBJMMo7vgurDUsbchJLYOWzUIe62QfAB6iy8fgy7nz-c40RjA0vwg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 9460fbd12b517916526f2c6a671420d5 + - 771a931de620c854f929cac935475cc4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2241,20 +2258,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2264,9 +2281,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2275,7 +2292,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -2286,21 +2303,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3350' + - '3552' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: string: '' headers: Atl-Request-Id: - - b9cb8993-b190-48ef-afd5-b74ba2ecb200 + - 0f19d758-54dd-41f0-8f8d-c7153700347f Atl-Traceid: - - b9cb8993b19048efafd5b74ba2ecb200 + - 0f19d75854dd41f08f8dc7153700347f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2308,7 +2325,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:17 GMT + - Sat, 24 May 2025 10:32:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2318,7 +2335,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="RkfO_tH9843GilePXor0bKgFg4l8zlP0qHDLSbDK5S-S0b7QAfI7FQ==",cdn-downstream-fbl;dur=672,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=95,cdn-upstream-fbl;dur=670,atl-edge;dur=542,atl-edge-internal;dur=17,atl-edge-upstream;dur=525,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=669,atl-edge;dur=660,atl-edge-internal;dur=16,atl-edge-upstream;dur=645,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8aWfIykGlQJMftzWTRR852cowP9SZgzrMURsy25KfcfsaqDumqIy6Q==",cdn-downstream-fbl;dur=673 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2326,15 +2343,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1b7fa09f50c08a88d619f90eef5ee94a.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RkfO_tH9843GilePXor0bKgFg4l8zlP0qHDLSbDK5S-S0b7QAfI7FQ== + - 8aWfIykGlQJMftzWTRR852cowP9SZgzrMURsy25KfcfsaqDumqIy6Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 58112f599009482b9c76a0d30f38071b + - f47e38e8b63cad0e39beb7c83a463778 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2360,29 +2377,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:07.743+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:43.686+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:16.959+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:50.689+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2392,9 +2409,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2404,14 +2421,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 45205931-a90c-4f6e-a0fc-caf39498c7fd + - 4dbe7465-6a82-4601-ad6d-3c57d9bf311a Atl-Traceid: - - 45205931a90c4f6ea0fccaf39498c7fd + - 4dbe74656a824601ad6d3c57d9bf311a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2421,7 +2438,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:17 GMT + - Sat, 24 May 2025 10:32:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2431,7 +2448,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="gK50Qg11MnrVrDIxEk76lC09utEq9YllzEz520ld9XuzK0jNlKI0IA==",cdn-downstream-fbl;dur=484,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=481,atl-edge;dur=398,atl-edge-internal;dur=16,atl-edge-upstream;dur=381,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=245,atl-edge;dur=237,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jq2VGmZgGRFyi0PY8GZ-e1Ps6DpdOvP_njMdXkfGTW9XAYQ8LZbAsA==",cdn-downstream-fbl;dur=249 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2441,15 +2458,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d4aa84013921cdd269ab20fbd29fbe1e.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gK50Qg11MnrVrDIxEk76lC09utEq9YllzEz520ld9XuzK0jNlKI0IA== + - jq2VGmZgGRFyi0PY8GZ-e1Ps6DpdOvP_njMdXkfGTW9XAYQ8LZbAsA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4bad563c5d8b8d55418cd30314128fc2 + - 5ccf5b9b4f6631c49fd7a7680b69dc0b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2477,15 +2494,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/transitions response: body: string: '' headers: Atl-Request-Id: - - 01a55549-2298-4f3a-8ef1-9e5f823bdd3d + - b7d4d8ba-81da-4d1b-8914-760741e1757b Atl-Traceid: - - 01a5554922984f3a8ef19e5f823bdd3d + - b7d4d8ba81da4d1b8914760741e1757b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2493,7 +2510,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:18 GMT + - Sat, 24 May 2025 10:32:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2503,7 +2520,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=563,atl-edge;dur=526,atl-edge-internal;dur=16,atl-edge-upstream;dur=508,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="baQeUG7kt9cPunLJ_Jk4xNlfetjLVyf94hrXG6dk3CXcx31UBM3ObA==",cdn-downstream-fbl;dur=567 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=481,atl-edge;dur=473,atl-edge-internal;dur=15,atl-edge-upstream;dur=458,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="EXAjKn-wRy5jQl-XDXyeRWZfdAaXuV7kD5va71EnQuimwWDQv6ee2A==",cdn-downstream-fbl;dur=485 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2511,15 +2528,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - baQeUG7kt9cPunLJ_Jk4xNlfetjLVyf94hrXG6dk3CXcx31UBM3ObA== + - EXAjKn-wRy5jQl-XDXyeRWZfdAaXuV7kD5va71EnQuimwWDQv6ee2A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2172d69a7f7ef86b63881ac119f8f57b + - 29aaa30494a1b650bf00c088dd96c534 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2548,12 +2565,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:19.040+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:52.248+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ace3fa1d-00bb-460e-8f6b-f59328de3e20 + - 7be62e0c-c584-4ee3-aaa1-75b5eb48a1be Atl-Traceid: - - ace3fa1d00bb460e8f6bf59328de3e20 + - 7be62e0cc5844ee3aaa175b5eb48a1be Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2563,7 +2580,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:19 GMT + - Sat, 24 May 2025 10:32:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2573,7 +2590,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="FW7-l1PCZH6VteqDnSqAE2tvM_rqfvNHzSZeST4NTgDYN2r7W8OfEA==",cdn-downstream-fbl;dur=253,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=250,atl-edge;dur=161,atl-edge-internal;dur=19,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=110,atl-edge-internal;dur=14,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wjEpK8ptu1BMwPlm16dn-M3utDzNkmwcGNWLa6qa0SV7xqe0EsogYw==",cdn-downstream-fbl;dur=123 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2583,15 +2600,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9041bc1ab42f996e0fd971e734eff2e2.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FW7-l1PCZH6VteqDnSqAE2tvM_rqfvNHzSZeST4NTgDYN2r7W8OfEA== + - wjEpK8ptu1BMwPlm16dn-M3utDzNkmwcGNWLa6qa0SV7xqe0EsogYw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 7b9f3c1218b5537800df22edb72203ef + - 886c7cffb5e1b1d55b7385692d10c212 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2617,28 +2634,28 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:18.266+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:51.688+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:18.244+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10873_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:18.266+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:51.661+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_8370_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:51.688+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2648,9 +2665,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2660,14 +2677,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c3223988-c40d-484b-9459-91d7b1c9809f + - 3aaa8424-2df7-4ebf-97b9-9ab6a4066d5e Atl-Traceid: - - c3223988c40d484b945991d7b1c9809f + - 3aaa84242df74ebf97b99ab6a4066d5e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2677,7 +2694,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:19 GMT + - Sat, 24 May 2025 10:32:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
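Review bot: The re-recorded response body in the `@@ -2660,14 +2677,14 @@` hunk commits the recording user's Atlassian `emailAddress`, `accountId`, `displayName` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` header lines in the neighbouring hunks carry the same account id. The removed lines held the previous recorder's values, so every re-recording swaps one person's identifiers for another's. Since the tests presumably do not assert on these fields, they could be replaced with fixed placeholders at record time, for example in a vcrpy `before_record_response` hook, which would also shrink future cassette diffs. The request headers of these interactions are mostly outside the visible hunks, so it is worth confirming that `Authorization` is dropped there too, e.g. `filter_headers=["Authorization"]`.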
@@ -2687,7 +2704,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="hUTE0T2snwQb-Dyb9nunOy40GLANpOmNvR45xiNevAge08mAvC_-fg==",cdn-downstream-fbl;dur=354,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=351,atl-edge;dur=277,atl-edge-internal;dur=18,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=265,atl-edge-internal;dur=15,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="3XqlbVKMFI0DDK1GTjuARYeO9_AMgY-nj12tzUhsHbE_p37lzUumsw==",cdn-downstream-fbl;dur=277 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2697,15 +2714,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8f3e5b5af450fbcfb7e821f6aa6b3d76.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - hUTE0T2snwQb-Dyb9nunOy40GLANpOmNvR45xiNevAge08mAvC_-fg== + - 3XqlbVKMFI0DDK1GTjuARYeO9_AMgY-nj12tzUhsHbE_p37lzUumsw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 5663b4af80fd05f01ec6b4b0a68cf6c9 + - 8a885e9bee01c69934bc2f0b2f78b0ff X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2743,9 +2760,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3b25ec98-6c7d-481a-b728-3cc6a57e62a4 + - 2e8cc28d-98ca-4288-ab0e-0987f56df416 Atl-Traceid: - - 3b25ec986c7d481ab7283cc6a57e62a4 + - 2e8cc28d98ca4288ab0e0987f56df416 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2755,7 +2772,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:20 GMT + - Sat, 24 May 2025 10:32:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2765,7 +2782,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="JSBFO-OUmeXdAcAu4x66q7Dt2GylnVhiduwPIx3LaTTf2MPGxrvD8A==",cdn-downstream-fbl;dur=436,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=433,atl-edge;dur=346,atl-edge-internal;dur=16,atl-edge-upstream;dur=330,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=273,atl-edge-internal;dur=15,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2jprA7gDkhGiMmv8dmsn9liyHZbw54jgGRufrp9w_dbiQz0lWYc8sQ==",cdn-downstream-fbl;dur=284 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2775,18 +2792,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f31fa40e0863bae8e02d0ba21cedaeb0.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JSBFO-OUmeXdAcAu4x66q7Dt2GylnVhiduwPIx3LaTTf2MPGxrvD8A== + - 2jprA7gDkhGiMmv8dmsn9liyHZbw54jgGRufrp9w_dbiQz0lWYc8sQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 13ec505ad168c4a5f3005a8512b520e0 + - a661d14b950ff21d6b9981800fc98763 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2800,20 +2817,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2823,9 +2840,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2834,7 +2851,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -2845,21 +2862,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3350' + - '3552' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: string: '' headers: Atl-Request-Id: - - df922305-c684-4fbc-a72d-8f1050645acf + - e04deab4-e4c1-4574-9e35-08a9c526c8dc Atl-Traceid: - - df922305c6844fbca72d8f1050645acf + - e04deab4e4c145749e3508a9c526c8dc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2867,7 +2884,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:20 GMT + - Sat, 24 May 2025 10:32:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2877,7 +2894,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=286,atl-edge-internal;dur=35,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mR6Gz3eGy5wCbg2nk7Jx86nQZlTQ2AAgSPpjPYH6qLNpryUx7zA5SA==",cdn-downstream-fbl;dur=346 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=246,atl-edge-internal;dur=14,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_q-aouaPc9ld_NAndeA5KVROKKF0KCULSFaw8ZDhohexu7me55W1ew==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2885,15 +2902,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mR6Gz3eGy5wCbg2nk7Jx86nQZlTQ2AAgSPpjPYH6qLNpryUx7zA5SA== + - _q-aouaPc9ld_NAndeA5KVROKKF0KCULSFaw8ZDhohexu7me55W1ew== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c7db55fe8b952ebf44f9aba94fb41a1e + - 9c92a6e0f60a33b3ee346fded32db266 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2919,28 +2936,28 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:18.266+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:51.688+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:18.244+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10873_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:18.266+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:51.661+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_8370_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:51.688+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2950,9 +2967,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2962,14 +2979,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9b568cb5-a686-47c0-93e5-783586466a7f + - 28d4889b-4f85-4ef9-9782-9af3434697ec Atl-Traceid: - - 9b568cb5a68647c093e5783586466a7f + - 28d4889b4f854ef997829af3434697ec Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2979,7 +2996,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:21 GMT + - Sat, 24 May 2025 10:32:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
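Review bot: The re-recorded response body in the `@@ -2962,14 +2979,14 @@` hunk commits a real Jira user's `emailAddress`, `displayName`, `accountId` and Gravatar hash to the repository, in both the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the neighbouring hunks repeats the account id. Nothing visible here suggests the tests match on these values, so they are better scrubbed at record time than swapped for the next recorder's identity on every re-record. If the cassettes are produced with vcrpy, a `before_record_response` hook that rewrites those fields to fixed placeholders (for example `"emailAddress":"redacted@example.invalid"`) and drops `X-Aaccountid` would keep the fixtures stable and free of personal data. The same applies to the other issue responses recorded in this file.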
@@ -2989,7 +3006,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="t_gRj2qjww-e_CaFaF54yN-2E2QP6D4DyWqIZRhPfMH1i-zXW7gMzA==",cdn-downstream-fbl;dur=348,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=346,atl-edge;dur=260,atl-edge-internal;dur=17,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=213,atl-edge;dur=205,atl-edge-internal;dur=15,atl-edge-upstream;dur=190,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_yfth3qE9IZO1wW1RZpmnrsTkI_m7yDzmEgS4iYzYIHT3hdU2UeZ1A==",cdn-downstream-fbl;dur=216 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2999,15 +3016,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7b64a70fe0edcfd6cd8e281be975ea8a.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - t_gRj2qjww-e_CaFaF54yN-2E2QP6D4DyWqIZRhPfMH1i-zXW7gMzA== + - _yfth3qE9IZO1wW1RZpmnrsTkI_m7yDzmEgS4iYzYIHT3hdU2UeZ1A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 5274eded0c07d1a5ed0327983064222c + - ec7288b98f4dbd4250cbedc92d029805 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3036,12 +3053,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:21.563+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:53.907+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b79d3e98-ef0d-4f11-87b5-4d96c8fe7b46 + - db972f3b-f758-4789-8c8c-4886f6498c28 Atl-Traceid: - - b79d3e98ef0d4f1187b54d96c8fe7b46 + - db972f3bf75847898c8c4886f6498c28 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3051,7 +3068,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:21 GMT + - Sat, 24 May 2025 10:32:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3061,7 +3078,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=161,atl-edge-internal;dur=14,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="EvQI9UyrUKMgE74MeV___tsuYdsvfUI92hI7QZmFTIADzjF8_d548w==",cdn-downstream-fbl;dur=198 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=109,atl-edge-internal;dur=17,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fWB60bmyts2K67z1UznMvnr-BBuvBIK1859NRD40F6W5U0_nzqldvQ==",cdn-downstream-fbl;dur=120 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3071,15 +3088,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - EvQI9UyrUKMgE74MeV___tsuYdsvfUI92hI7QZmFTIADzjF8_d548w== + - fWB60bmyts2K67z1UznMvnr-BBuvBIK1859NRD40F6W5U0_nzqldvQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - dfc2531f06984be110ad623c492c7c9c + - 12c09bc77e814e89243d12930691c3fb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3105,39 +3122,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:10.376+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:45.768+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:10.150+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:45.520+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3160,16 +3178,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3192,16 +3210,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 56342d89-d37f-48f0-b3f3-c0d5b5173def + - 9df9a1d4-6e63-46de-b221-d6de73a3d935 Atl-Traceid: - - 56342d89d37f48f0b3f3c0d5b5173def + - 9df9a1d46e6346deb221d6de73a3d935 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3211,7 +3229,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:22 GMT + - Sat, 24 May 2025 10:32:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
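Review bot: The re-recorded response body in this hunk commits a real maintainer's `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` header in the later hunks (`@@ -3231,15`, `@@ -3309,18`, `@@ -3462,15`) repeats the same account id. The previous recording had the same exposure, so this is a pre-existing pattern, but every re-record adds another person's identifiers to the repository history. If nothing in the tests asserts on these values (not visible from this hunk), they could be scrubbed at record time, for example with a response hook such as vcrpy's `before_record_response` if that is the recorder in use, writing a placeholder like `"emailAddress":"user@example.invalid"` and dropping `X-Aaccountid`. That would also shrink the diff on each re-record, since request ids, trace ids and CDN headers would no longer churn.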
@@ -3221,7 +3239,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="a-aVRGUn9FvdpF5N6i-QYd1gJZq6s9483xQkbBEPGCOJ7eq7_0tqNw==",cdn-downstream-fbl;dur=379,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=376,atl-edge;dur=297,atl-edge-internal;dur=19,atl-edge-upstream;dur=279,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=230,atl-edge;dur=222,atl-edge-internal;dur=16,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="u2D6J10La_j4z2vrboWJ4fPg6Wzkx4QfzddO2SpJfZ3kbabzeSJ1qw==",cdn-downstream-fbl;dur=234 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3231,15 +3249,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9a3eef6ee6df44793fb3d5e366a7238.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - a-aVRGUn9FvdpF5N6i-QYd1gJZq6s9483xQkbBEPGCOJ7eq7_0tqNw== + - u2D6J10La_j4z2vrboWJ4fPg6Wzkx4QfzddO2SpJfZ3kbabzeSJ1qw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1ac4cf3755b05e296ce3eb4a9e41eb95 + - 03ccb8ddea9b02c53af11da8402eadd8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3277,9 +3295,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 19ba46d1-feec-477e-a905-b752dc2a2692 + - 66721af3-ea9c-4c84-b922-ba4b1b3ca0a1 Atl-Traceid: - - 19ba46d1feec477ea905b752dc2a2692 + - 66721af3ea9c4c84b922ba4b1b3ca0a1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3289,7 +3307,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:22 GMT + - Sat, 24 May 2025 10:32:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3299,7 +3317,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=296,atl-edge-internal;dur=15,atl-edge-upstream;dur=280,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="paDd0IR-qx7-mbGLFf1JBZOauscpbeIGtf411LkVBN4iKOAAl8HpRg==",cdn-downstream-fbl;dur=332 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="K40z73ZYajvAKnTWeIpFci5eaN-x7Ak5ApgqkwCRxMgc7eXEDR1ljw==",cdn-downstream-fbl;dur=325,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=323,atl-edge;dur=294,atl-edge-internal;dur=13,atl-edge-upstream;dur=281,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3309,18 +3327,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - paDd0IR-qx7-mbGLFf1JBZOauscpbeIGtf411LkVBN4iKOAAl8HpRg== + - K40z73ZYajvAKnTWeIpFci5eaN-x7Ak5ApgqkwCRxMgc7eXEDR1ljw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c21421b32dbc7c3e94e28dfff75a3bb0 + - b46cc7666d0999993dcace9049bd361e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3334,29 +3352,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Inactive, - Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Inactive, + Verified, Risk 
Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code + Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect Dojo + link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -3379,15 +3399,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* http://localhost:8080/finding/258 - (258)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect Dojo link:* http://localhost:8080/finding/295 + (295)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -3410,8 +3430,8 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -3422,21 +3442,21 @@ interactions: Connection: - keep-alive Content-Length: - - '6820' + - '7022' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: string: '' headers: Atl-Request-Id: - - cce5292b-4555-42d7-ad7e-1dcf67eb1a03 + - f5499702-c675-45ab-a53d-b09fae9b23a2 Atl-Traceid: - - cce5292b455542d7ad7e1dcf67eb1a03 + - f5499702c67545aba53db09fae9b23a2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3444,7 +3464,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:23 GMT + - Sat, 24 May 2025 10:32:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3454,7 +3474,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=541,atl-edge;dur=506,atl-edge-internal;dur=16,atl-edge-upstream;dur=491,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="LsxXLaBzvX-GRotRe-BPK-x8jr0lZ32CqAwsH5zT9phBpQQ0eiw-HQ==",cdn-downstream-fbl;dur=546 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=523,atl-edge;dur=515,atl-edge-internal;dur=15,atl-edge-upstream;dur=499,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QcuoiKQ9r6AvZ8m45uN0jzOPdYzvmXCWHSq2UeMo4Y0880rSmTYSlg==",cdn-downstream-fbl;dur=528 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3462,15 +3482,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LsxXLaBzvX-GRotRe-BPK-x8jr0lZ32CqAwsH5zT9phBpQQ0eiw-HQ== + - QcuoiKQ9r6AvZ8m45uN0jzOPdYzvmXCWHSq2UeMo4Y0880rSmTYSlg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - dbce342de831af5441d9d40559fbd165 + - f58aca927e5a19e4d3da5fcbf05f6d81 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3496,40 +3516,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:10.376+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:45.768+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:22.907+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:55.035+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Inactive, - Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] 
| Inactive, - Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 - \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect Dojo link:* - http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3552,16 +3572,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3584,16 +3604,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c8235c6c-7dc8-404b-a4e1-7d3582c36b19 + - 3d23ff05-68d0-4508-9088-22b19605e786 Atl-Traceid: - - c8235c6c7dc8404ba4e17d3582c36b19 + - 3d23ff0568d04508908822b19605e786 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3603,7 +3623,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:23 GMT + - Sat, 24 May 2025 10:32:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
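Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress` and `accountId` in the `creator` and `reporter` objects, and the same account id appears in the `X-Aaccountid` response header of the hunks that follow and again in the issue body of hunk `@@ -3826,14 +3848,14 @@`. The cassette looks like a vcrpy recording; if so, a `before_record_response` hook could replace these fields with fixed placeholders before the file is written, so a re-record neither publishes a maintainer's account details nor changes with whoever runs it. The same hook could drop per-request response headers such as `Atl-Request-Id`, `Atl-Traceid`, `Server-Timing`, `X-Amz-Cf-Id` and `X-Arequestid`, which account for most of the churn in this diff. Whether any test asserts on these values is not visible from here, so confirm before scrubbing.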
@@ -3613,7 +3633,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="oWtmsaAvI6kxyX9vao4tIkozDh17LveDAZ-FcI19JBOR5iQFVsg8xw==",cdn-downstream-fbl;dur=350,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=347,atl-edge;dur=265,atl-edge-internal;dur=18,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DdDMkogzgbwjLAtiUhApjvIwbhmYIIX1jeC1YUY9ftWjW92oVezyog==",cdn-downstream-fbl;dur=254,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=251,atl-edge;dur=222,atl-edge-internal;dur=18,atl-edge-upstream;dur=205,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3623,15 +3643,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3699bc5ea5aacbe1d32ebe3e874f0c68.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oWtmsaAvI6kxyX9vao4tIkozDh17LveDAZ-FcI19JBOR5iQFVsg8xw== + - DdDMkogzgbwjLAtiUhApjvIwbhmYIIX1jeC1YUY9ftWjW92oVezyog== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4940320b2dcc6a526be822a2edb3e0c0 + - c99a118040a8984e3ea36fe2333fecce X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3659,15 +3679,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/transitions response: body: string: '' headers: Atl-Request-Id: - - f8a3ad81-cffc-4c9e-a302-83ce519d2dce + - aeb20620-afff-4c32-8803-6ea679783543 Atl-Traceid: - - f8a3ad81cffc4c9ea30283ce519d2dce + - aeb20620afff4c3288036ea679783543 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3675,7 +3695,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:24 GMT + - Sat, 24 May 2025 10:32:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3685,7 +3705,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="rVvT5kawyxmJhyn5WeGBkOnD-1gKHL2lyqZdgIq1kk10piefEFqRDQ==",cdn-downstream-fbl;dur=735,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=71,cdn-upstream-fbl;dur=732,atl-edge;dur=635,atl-edge-internal;dur=22,atl-edge-upstream;dur=614,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=480,atl-edge;dur=472,atl-edge-internal;dur=15,atl-edge-upstream;dur=457,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8pvWQjP8coBFb-YMPEhOEYvtLc-a9QudMzvQ5pTLl7XbRcu10CJL7Q==",cdn-downstream-fbl;dur=483 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3693,15 +3713,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f82a4020c8fc9b14a403737c65661074.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rVvT5kawyxmJhyn5WeGBkOnD-1gKHL2lyqZdgIq1kk10piefEFqRDQ== + - 8pvWQjP8coBFb-YMPEhOEYvtLc-a9QudMzvQ5pTLl7XbRcu10CJL7Q== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 13b2d9233fb8714075a7ed2becf5e33d + - 96547dcc8ea3b3ef5dbec3c996f6bdc7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3730,12 +3750,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:24.855+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:32:56.573+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d02e2df8-f828-42db-8f23-260e84b54085 + - f0ad1681-d5bc-4852-8a23-5d4d33d2448d Atl-Traceid: - - d02e2df8f82842db8f23260e84b54085 + - f0ad1681d5bc48528a235d4d33d2448d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3745,7 +3765,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:24 GMT + - Sat, 24 May 2025 10:32:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3755,7 +3775,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=195,atl-edge;dur=163,atl-edge-internal;dur=17,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="zQaNXmVrYbXa9EKfNLGCQy5iji02sFPVEcBN-SUZ4VlvFFdDZvFOxQ==",cdn-downstream-fbl;dur=199 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=153,atl-edge;dur=146,atl-edge-internal;dur=16,atl-edge-upstream;dur=131,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="K5GUOfSr24_7dcm8PdY2hP97HIY_9njMbudnE5FlZ82hAbbDvQPtoQ==",cdn-downstream-fbl;dur=158 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3765,15 +3785,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zQaNXmVrYbXa9EKfNLGCQy5iji02sFPVEcBN-SUZ4VlvFFdDZvFOxQ== + - K5GUOfSr24_7dcm8PdY2hP97HIY_9njMbudnE5FlZ82hAbbDvQPtoQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ac4913a810c01bd34bd75b0554eaeccb + - 7bbd3d9e7130e1abd28b61a6482a1506 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3799,25 +3819,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18195","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195","key":"NTEST-1850","fields":{"statuscategorychangedate":"2025-04-30T18:25:13.029+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19659","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659","key":"NTEST-2987","fields":{"statuscategorychangedate":"2025-05-24T12:32:47.782+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:12.710+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:12.797+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:47.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:47.516+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -3826,14 +3848,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ddbeb39c-a1aa-48a9-a3fa-2a6893a0fa0b + - b8a40e14-cbf4-440c-8761-3c03a37737b0 Atl-Traceid: - - ddbeb39ca1aa48a9a3fa2a6893a0fa0b + - b8a40e14cbf4440c87613c03a37737b0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3843,7 +3865,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:25 GMT + - Sat, 24 May 2025 10:32:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3853,7 +3875,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=291,atl-edge;dur=258,atl-edge-internal;dur=16,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="cpewgVnDKjJPZvEfBuATKMNRTgEMDqMDg5pdo0txkWFxdjYmEMnJdQ==",cdn-downstream-fbl;dur=294 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=227,atl-edge-internal;dur=19,atl-edge-upstream;dur=208,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AwdRWQzBMmEwta6Cx06lHtxkCUu_15NWlLkggS00NZmUR49aGtwqcw==",cdn-downstream-fbl;dur=238 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3863,15 +3885,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cpewgVnDKjJPZvEfBuATKMNRTgEMDqMDg5pdo0txkWFxdjYmEMnJdQ== + - AwdRWQzBMmEwta6Cx06lHtxkCUu_15NWlLkggS00NZmUR49aGtwqcw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - dd685a57c79c6aa4ecc5c3f8c5de69e7 + - cc0b7f90e491e22132e7c49bae5f49e6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3909,9 +3931,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 90f41ae9-a47e-4914-8113-0bbe7fc306ea + - cfd4c705-f1ad-4904-b289-a7f1f5e0c6a6 Atl-Traceid: - - 90f41ae9a47e491481130bbe7fc306ea + - cfd4c705f1ad4904b289a7f1f5e0c6a6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3921,7 +3943,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:25 GMT + - Sat, 24 May 2025 10:32:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3931,7 +3953,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=386,atl-edge;dur=302,atl-edge-internal;dur=15,atl-edge-upstream;dur=287,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="yTX3ISwEtF3OKOmNB669AzpxcUmkK8zcnZ_ff47YOX-gZO49Wge52w==",cdn-downstream-fbl;dur=390 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=269,atl-edge;dur=259,atl-edge-internal;dur=18,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1fMK6dS062yf0OjBBNGg1Vp9HOc_EAx8lk1wZW7BRoy9wG0bCRZwIQ==",cdn-downstream-fbl;dur=272 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3941,18 +3963,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 40867fef594010a8d9ec2cb0a5cb2350.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - yTX3ISwEtF3OKOmNB669AzpxcUmkK8zcnZ_ff47YOX-gZO49Wge52w== + - 1fMK6dS062yf0OjBBNGg1Vp9HOc_EAx8lk1wZW7BRoy9wG0bCRZwIQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 9ee4b5af2e462bfba8d44b9b7688a261 + - c8dd3640e3f3861f165a70a00a3dc589 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3966,17 +3988,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May - 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. 
Findings\n\nh3. [Regular Expression + Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -3984,7 +4007,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -3995,21 +4018,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1944' + - '2161' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: string: '' headers: Atl-Request-Id: - - 6a3c71a2-09e2-465c-939f-fe35635491fd + - b7df9378-d79f-4ee5-a5d5-51acd2fcaa2f Atl-Traceid: - - 6a3c71a209e2465c939ffe35635491fd + - b7df9378d79f4ee5a5d551acd2fcaa2f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4017,7 +4040,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:26 GMT + - Sat, 24 May 2025 10:32:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4027,7 +4050,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=505,atl-edge;dur=471,atl-edge-internal;dur=15,atl-edge-upstream;dur=456,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="eWLEW8JD8S3Ek9dAYnggj2uZhGHS0OHYPVhlj5RzRS1C72b_lCAo4w==",cdn-downstream-fbl;dur=511 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=452,atl-edge;dur=444,atl-edge-internal;dur=18,atl-edge-upstream;dur=427,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="FDiwbhKRH-sVrzUKsjIx1g_gE9JyVWclEZyedGQtPwxNFsIAjWYDAA==",cdn-downstream-fbl;dur=456 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4035,15 +4058,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - eWLEW8JD8S3Ek9dAYnggj2uZhGHS0OHYPVhlj5RzRS1C72b_lCAo4w== + - FDiwbhKRH-sVrzUKsjIx1g_gE9JyVWclEZyedGQtPwxNFsIAjWYDAA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 19e3c18930963f61daabeb8ef135a64e + - f40f85c6e2136ef479d6171cc6d0a8cd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4069,26 +4092,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18195","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195","key":"NTEST-1850","fields":{"statuscategorychangedate":"2025-04-30T18:25:13.029+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19659","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659","key":"NTEST-2987","fields":{"statuscategorychangedate":"2025-05-24T12:32:47.782+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:12.710+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:26.125+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:47.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:58.771+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -4097,14 +4121,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ac6119fe-482b-41d5-99b3-b3e254794063 + - 69f1596f-1f62-4d3a-bdc3-5ec62e954724 Atl-Traceid: - - ac6119fe482b41d599b3b3e254794063 + - 69f1596f1f624d3abdc35ec62e954724 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4114,7 +4138,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:26 GMT + - Sat, 24 May 2025 10:32:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
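Review bot: The re-recorded response body in this hunk commits a maintainer's `emailAddress`, Atlassian `accountId` and gravatar hash verbatim in the `creator` and `reporter` objects, and the neighbouring header hunks record the same account id under `X-Aaccountid`. None of these is a credential, but the cassette ships in the repository, so the identifiers of whoever recorded last are published on every re-record. If these cassettes are written by vcrpy (the `interactions:` layout suggests so, though the recorder setup is outside this diff), they could be scrubbed at record time with a `before_record_response` hook that drops the `X-Aaccountid` header and replaces the `emailAddress` and `accountId` values with fixed placeholders. That would also shrink future cassette diffs, because those values would no longer change with the recording account.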
@@ -4124,7 +4148,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=255,atl-edge-internal;dur=20,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="FfELzcSNYCi3Ex8dbVIKY22ByuZaKYka9QDF1aY8iwu9_uuKLQqbIQ==",cdn-downstream-fbl;dur=291 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=217,atl-edge;dur=210,atl-edge-internal;dur=17,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A1LAcjRnUboh6NU_FvaOIDskXzwrEhXs9NZRoWB0z0Qw-hMGpECgiA==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4134,15 +4158,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FfELzcSNYCi3Ex8dbVIKY22ByuZaKYka9QDF1aY8iwu9_uuKLQqbIQ== + - A1LAcjRnUboh6NU_FvaOIDskXzwrEhXs9NZRoWB0z0Qw-hMGpECgiA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ff81752237b9afaf80deff108d529d5c + - 0dcdf375b2d06fa7f2d8842e07079d53 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4170,15 +4194,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/transitions response: body: string: '' headers: Atl-Request-Id: - - 8cf62239-4d02-40cf-8545-0115ba2c11d3 + - f621a8d8-d380-481a-8f15-53ca29235593 Atl-Traceid: - - 8cf622394d0240cf85450115ba2c11d3 + - f621a8d8d380481a8f1553ca29235593 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4186,7 +4210,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:27 GMT + - Sat, 24 May 2025 10:32:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4196,7 +4220,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=522,atl-edge;dur=489,atl-edge-internal;dur=18,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Wa4zTAhgPLmZeNYaiFwHNKj6dfKYEHvyZFcNQPlBi8XMKYd2TJaEUA==",cdn-downstream-fbl;dur=526 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=455,atl-edge;dur=448,atl-edge-internal;dur=16,atl-edge-upstream;dur=432,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8_TYgm-GBxvm79N15HmIbcLXqBbNsb72Mm6kkofLQATSqeKi97K2_w==",cdn-downstream-fbl;dur=459 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4204,15 +4228,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Wa4zTAhgPLmZeNYaiFwHNKj6dfKYEHvyZFcNQPlBi8XMKYd2TJaEUA== + - 8_TYgm-GBxvm79N15HmIbcLXqBbNsb72Mm6kkofLQATSqeKi97K2_w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b46bc19eb57d8ab8f6a6139282630f9b + - bfb8f2f571e66d45eaee48ab628a8a95 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4241,12 +4265,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:27.821+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:00.117+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 3803a85e-1b2b-4d6b-b8fb-9842ac5cda1e + - a386eb3d-887b-487c-b6cf-371883080b4e Atl-Traceid: - - 3803a85e1b2b4d6bb8fb9842ac5cda1e + - a386eb3d887b487cb6cf371883080b4e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4256,7 +4280,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:27 GMT + - Sat, 24 May 2025 10:33:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4266,7 +4290,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="SkK-tKb5KppIX3MftNtM2tp4DulXoEWl_pWn2yWq_KLZQdjS1un7Yw==",cdn-downstream-fbl;dur=225,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=223,atl-edge;dur=149,atl-edge-internal;dur=17,atl-edge-upstream;dur=132,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=126,atl-edge;dur=118,atl-edge-internal;dur=17,atl-edge-upstream;dur=101,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="i-wK0lL8qbG5BFntjwIE5UEpuytTK3yF7GMizi9QXuUpX4f0yuuQhw==",cdn-downstream-fbl;dur=131 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4276,15 +4300,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - SkK-tKb5KppIX3MftNtM2tp4DulXoEWl_pWn2yWq_KLZQdjS1un7Yw== + - i-wK0lL8qbG5BFntjwIE5UEpuytTK3yF7GMizi9QXuUpX4f0yuuQhw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 20c84b84bca8d4df20d513618895ccf1 + - edd03f3fe529c90396bd7bc00a81724a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4310,39 +4334,39 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:24.135+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:55.912+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:24.108+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_14095_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:24.134+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:55.886+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10493_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:55.911+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Inactive, - Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] 
| Inactive, - Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 - \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect Dojo link:* - http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4365,16 +4389,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4397,16 +4421,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 00672268-5730-4e55-bd0a-214bcdd5f87d + - fa5b6cdc-8cd7-4838-bd44-ec16813498f6 Atl-Traceid: - - 0067226857304e55bd0a214bcdd5f87d + - fa5b6cdc8cd74838bd44ec16813498f6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4416,7 +4440,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:28 GMT + - Sat, 24 May 2025 10:33:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
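Review bot: The re-recorded issue response in this hunk commits the recording user's e-mail address, Atlassian account id and Gravatar hash into the fixture (`emailAddress`, `accountId` and `avatarUrls` under `creator` and `reporter`), and the same account id repeats in the `X-Aaccountid` response header of the neighbouring hunks. The assertions presumably depend on the issue fields rather than on who recorded them, so these values are better scrubbed at record time than replaced by another person's details on each re-recording. If the cassette is written by vcrpy, as its layout suggests, a `before_record_response` hook that swaps those fields and that header for a fixed placeholder would keep personal identifiers out of the repository and shrink future cassette diffs. The recording setup is not visible in this hunk, so where the hook belongs needs to be confirmed against the test base class.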
@@ -4426,7 +4450,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=279,atl-edge-internal;dur=14,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="p8FSK5hEjolnsUua-7194iiTby0V1DQvypvKwv2oTiHHGjAbnd4Ajw==",cdn-downstream-fbl;dur=315 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=232,atl-edge-internal;dur=16,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DN9JZqcHmjQ8circGXrVSJd06G-4d57_wZWbVVgILZ1LV684t9t6KA==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4436,15 +4460,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - p8FSK5hEjolnsUua-7194iiTby0V1DQvypvKwv2oTiHHGjAbnd4Ajw== + - DN9JZqcHmjQ8circGXrVSJd06G-4d57_wZWbVVgILZ1LV684t9t6KA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 42a2135ef66e5cbba56be59d9199e34f + - 4c6fe513943248971c12300b09e7b7a4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4482,9 +4506,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e4dc9fc2-3fb6-4b5a-aece-dcde8038ceba + - a63d9b19-7dea-4fcc-a0cb-78e2d3180d4e Atl-Traceid: - - e4dc9fc23fb64b5aaecedcde8038ceba + - a63d9b197dea4fcca0cb78e2d3180d4e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4494,7 +4518,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:28 GMT + - Sat, 24 May 2025 10:33:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4504,7 +4528,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=352,atl-edge;dur=319,atl-edge-internal;dur=17,atl-edge-upstream;dur=302,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="2PmuCaVC90Bwf9Xhp7Rms7Cl-I9qvqnul9eYSPi5TD711k0PNx0VoQ==",cdn-downstream-fbl;dur=357 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=224,atl-edge;dur=216,atl-edge-internal;dur=17,atl-edge-upstream;dur=200,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="MbowLFwKqcEHbgYTHObaqfEnoG5CKRLRYSwvgdxzI7ZPOhdpZXYIeA==",cdn-downstream-fbl;dur=228 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4514,18 +4538,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2PmuCaVC90Bwf9Xhp7Rms7Cl-I9qvqnul9eYSPi5TD711k0PNx0VoQ== + - MbowLFwKqcEHbgYTHObaqfEnoG5CKRLRYSwvgdxzI7ZPOhdpZXYIeA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1997e1b970f0b2be738be99a00737f10 + - ba3da200c25bfd3b8696c382da3b870a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4539,29 +4563,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Inactive, - Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Inactive, + Verified, Risk 
Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code + Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect Dojo + link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due Date:* + June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -4584,15 +4610,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* http://localhost:8080/finding/258 - (258)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect Dojo link:* http://localhost:8080/finding/295 + (295)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -4615,8 +4641,8 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Lowest"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -4627,21 +4653,21 @@ interactions: Connection: - keep-alive Content-Length: - - '6820' + - '7022' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: string: '' headers: Atl-Request-Id: - - 28ae6d91-bdab-4c22-9944-aa2316551c5e + - a7095686-8676-4453-a30b-f021bc4ae3e1 Atl-Traceid: - - 28ae6d91bdab4c229944aa2316551c5e + - a709568686764453a30bf021bc4ae3e1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4649,7 +4675,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:29 GMT + - Sat, 24 May 2025 10:33:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4659,7 +4685,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=290,atl-edge-internal;dur=15,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="A2AML7rcLXHBLWibXck0CGtLvLq_Ff9xzg1CaoKH6t2dIlxrtl4T_w==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=301,atl-edge-internal;dur=16,atl-edge-upstream;dur=284,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ML7W1tclLMCk_OwF1Rnw-aOOefQE-QBPM3ITWmP9YqoJz4eY-AzNUQ==",cdn-downstream-fbl;dur=313 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4667,15 +4693,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - A2AML7rcLXHBLWibXck0CGtLvLq_Ff9xzg1CaoKH6t2dIlxrtl4T_w== + - ML7W1tclLMCk_OwF1Rnw-aOOefQE-QBPM3ITWmP9YqoJz4eY-AzNUQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c8b1328e2c10064052e4cee821804fdf + - cefeab2dcf6e35c2f67999fb862be0aa X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4701,39 +4727,39 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:24.135+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:55.912+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:24.108+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_14095_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:24.134+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:55.886+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10493_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:55.911+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Inactive, - Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] 
| Inactive, - Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 - \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect Dojo link:* - http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4756,16 +4782,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4788,16 +4814,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 48f2b856-2641-4a1e-a8de-211ecac8438f + - 2de2e843-af30-4bc6-bdf8-df4f0cfa7d9b Atl-Traceid: - - 48f2b85626414a1ea8de211ecac8438f + - 2de2e843af304bc6bdf8df4f0cfa7d9b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4807,7 +4833,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:29 GMT + - Sat, 24 May 2025 10:33:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
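Review bot: The re-recorded response body in this hunk commits a real Jira user's identifiers: the `creator` and `reporter` objects carry `emailAddress`, `accountId`, `displayName` and a gravatar hash in `avatarUrls`. The same account id is recorded again in the `X-Aaccountid` response header in the neighbouring hunks and in the later issue response. None of these values look like something the test needs to assert on, so they could be replaced with placeholders when the cassette is recorded, for example `"emailAddress":"user@example.invalid"` and `"accountId":"<ACCOUNT_ID>"`, with the `X-Aaccountid` header dropped. The recorder configuration is not visible in this diff, so confirm whether a response-scrubbing hook (vcrpy's `before_record_response`) is already in place and simply does not cover these fields. Scrubbing at record time also keeps future re-recordings from changing these lines whenever a different maintainer runs them.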
@@ -4817,7 +4843,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="A2F9B6zp-0nyw6_2fnn0davOi1sfNJ0-xG79xiuWu5lUzvfZFp2Ldw==",cdn-downstream-fbl;dur=336,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=334,atl-edge;dur=259,atl-edge-internal;dur=17,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=240,atl-edge;dur=232,atl-edge-internal;dur=16,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6Vj3auUDL4DLYSzZT4aPBgdBQQxxj7dbb2OC_uDkjfEQUcfSSz2UFQ==",cdn-downstream-fbl;dur=244 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4827,15 +4853,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9832e15ad117dafc81b031983cbde91e.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - A2F9B6zp-0nyw6_2fnn0davOi1sfNJ0-xG79xiuWu5lUzvfZFp2Ldw== + - 6Vj3auUDL4DLYSzZT4aPBgdBQQxxj7dbb2OC_uDkjfEQUcfSSz2UFQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - f0e4588d85d5166da2df599793956721 + - 78d6116aa2bbc8bdca6d3ff30b1c5115 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4864,12 +4890,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:29.991+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:01.741+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1fd49068-353b-4dc7-8f61-7282004148dc + - 396d7aab-0f4b-42ac-85c1-165a22773e50 Atl-Traceid: - - 1fd49068353b4dc78f617282004148dc + - 396d7aab0f4b42ac85c1165a22773e50 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4879,7 +4905,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:30 GMT + - Sat, 24 May 2025 10:33:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4889,7 +4915,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="dzfLtqB-3OdsdApQIP30Rl1nui-hU65DYhnknKY3bzUE0DrXWjrJ1w==",cdn-downstream-fbl;dur=257,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=255,atl-edge;dur=169,atl-edge-internal;dur=16,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=15,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4a1M649IwStfZPXvsXxmN_WPGuSBsqxOLpMVNf0rTR2EsLyDafRASw==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4899,15 +4925,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 40867fef594010a8d9ec2cb0a5cb2350.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - dzfLtqB-3OdsdApQIP30Rl1nui-hU65DYhnknKY3bzUE0DrXWjrJ1w== + - 4a1M649IwStfZPXvsXxmN_WPGuSBsqxOLpMVNf0rTR2EsLyDafRASw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 455b7ec3afe8f60f450cfa51743f2df6 + - 4a9ecebed1b6fe38eaf5112587ed2290 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4933,28 +4959,28 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:18.266+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:51.688+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:18.244+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10873_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:18.266+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:51.661+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_8370_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:51.688+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4964,9 +4990,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4976,14 +5002,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ab5af273-88e5-45aa-92d1-232a373d5480 + - 2fc974d9-8ee6-4ec3-8459-6cb5cec136da Atl-Traceid: - - ab5af27388e545aa92d1232a373d5480 + - 2fc974d98ee64ec384596cb5cec136da Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4993,7 +5019,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:30 GMT + - Sat, 24 May 2025 10:33:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
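Review bot: The re-recorded response body in the `@@ -4976,14 +5002,14 @@` hunk stores the recording user's Jira `accountId`, `emailAddress`, `displayName` and gravatar hash under `creator` and `reporter`. The `@@ -5162,14` hunk carries the same body, and the `X-Aaccountid` response header repeats the account id in the `@@ -5013,15`, `@@ -5085,15`, `@@ -5199,15` and `@@ -5277,18` hunks. Each re-recording by a different maintainer therefore commits another person's identifiers and adds diff churn unrelated to the template change under test. If this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook that rewrites those fields and that header to fixed placeholders (e.g. `"emailAddress":"<redacted>"`) would keep them out of the repository. The body string begins outside this hunk, and request headers are not visible here, so it is also worth confirming that `Authorization` is already filtered at record time.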
@@ -5003,7 +5029,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=291,atl-edge;dur=258,atl-edge-internal;dur=15,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="r60QjgEZwylBElP1rUBcT_mZuSyW2pNVQerhpTJJUQH8VwWTKxXlRg==",cdn-downstream-fbl;dur=295 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=226,atl-edge;dur=219,atl-edge-internal;dur=18,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7_9egGU-ESNBp5BbBkwbC6hzhGt6sU-8ih8XA2qhf-33uOWq3uLF9Q==",cdn-downstream-fbl;dur=230 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5013,15 +5039,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - r60QjgEZwylBElP1rUBcT_mZuSyW2pNVQerhpTJJUQH8VwWTKxXlRg== + - 7_9egGU-ESNBp5BbBkwbC6hzhGt6sU-8ih8XA2qhf-33uOWq3uLF9Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - fbe226db5f5acde40c545218da1fa969 + - 14a077706d664840827434ffb69657d2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5050,12 +5076,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:31.093+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:02.594+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 0772f9ab-2802-4456-8bc5-f5c7010cd779 + - c6c0f872-b885-4454-bfc4-2eb139598d4e Atl-Traceid: - - 0772f9ab280244568bc5f5c7010cd779 + - c6c0f872b8854454bfc42eb139598d4e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5065,7 +5091,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:31 GMT + - Sat, 24 May 2025 10:33:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5075,7 +5101,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="AWTIQzKvvf5ZFJ9Xkh3680TRwrrhR27G8ZZ6_bIHDJkO8DOwxjzSPQ==",cdn-downstream-fbl;dur=241,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=239,atl-edge;dur=155,atl-edge-internal;dur=14,atl-edge-upstream;dur=141,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=108,atl-edge;dur=100,atl-edge-internal;dur=14,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="oJvMcsgykb0MJ3Vg9abH6gooFL7cn2C22LAqveHLD0jvO3Wf5liaCg==",cdn-downstream-fbl;dur=111 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5085,15 +5111,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c4fd63432996b55c90ff4db02c11a616.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - AWTIQzKvvf5ZFJ9Xkh3680TRwrrhR27G8ZZ6_bIHDJkO8DOwxjzSPQ== + - oJvMcsgykb0MJ3Vg9abH6gooFL7cn2C22LAqveHLD0jvO3Wf5liaCg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 33190c3695268ff0793ed79dc7cd8646 + - 0259ad1a998f9108fe9a0220d2ccc6d6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5119,28 +5145,28 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:18.266+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:51.688+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:18.244+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10873_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:18.266+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:51.661+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_8370_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:51.688+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257]\n*Defect - Dojo link:* http://localhost:8080/finding/257 (257)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]\n*Defect + Dojo link:* http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5150,9 +5176,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5162,14 +5188,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3144fcff-653c-48cf-8b7d-c3aed96ab323 + - 7873b321-7639-4843-86a2-0cc158f1f85f Atl-Traceid: - - 3144fcff653c48cf8b7dc3aed96ab323 + - 7873b3217639484386a20cc158f1f85f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5179,7 +5205,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:31 GMT + - Sat, 24 May 2025 10:33:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5189,7 +5215,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="aXVMcKMzbFvBbuUq2PRCe0ITKB2F3rPod-DzPZFBCUP5rUexOd0zCw==",cdn-downstream-fbl;dur=357,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=354,atl-edge;dur=281,atl-edge-internal;dur=18,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=241,atl-edge;dur=233,atl-edge-internal;dur=16,atl-edge-upstream;dur=218,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wtxjKoku7CuiHs4aG4gc3SbNI7usR0VK9bKvuccARaQ2HHZUr0aNFg==",cdn-downstream-fbl;dur=245 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5199,15 +5225,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - aXVMcKMzbFvBbuUq2PRCe0ITKB2F3rPod-DzPZFBCUP5rUexOd0zCw== + - wtxjKoku7CuiHs4aG4gc3SbNI7usR0VK9bKvuccARaQ2HHZUr0aNFg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b4eb8576ba244995ecf6f6243c3eeaf1 + - 947b6aa8598010be45abac7a0bbd97f3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5245,9 +5271,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 8f787235-4d47-42f9-8650-a6d07008b5c5 + - bac94b4d-3c35-4991-aa8a-a59ad51ae029 Atl-Traceid: - - 8f7872354d4742f98650a6d07008b5c5 + - bac94b4d3c354991aa8aa59ad51ae029 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5257,7 +5283,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:32 GMT + - Sat, 24 May 2025 10:33:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5267,7 +5293,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=329,atl-edge;dur=297,atl-edge-internal;dur=17,atl-edge-upstream;dur=280,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="7aRLrs87DTBVhE6_3wWTDonTASYqTEDEq1qDpSyar0nymEVo_TrEkA==",cdn-downstream-fbl;dur=332 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=228,atl-edge-internal;dur=15,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Rd1IPb-aXzkvGr-aftrgJX_wbbaZ7UUN0Icji5CBD7QM-_Pe1RIYXA==",cdn-downstream-fbl;dur=239 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5277,18 +5303,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 7aRLrs87DTBVhE6_3wWTDonTASYqTEDEq1qDpSyar0nymEVo_TrEkA== + - Rd1IPb-aXzkvGr-aftrgJX_wbbaZ7UUN0Icji5CBD7QM-_Pe1RIYXA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f618f6c00e51e333ff877d632f32f61a + - d7b8fb8cd745115b9a7bd3812aad16db X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5302,19 +5328,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5324,9 +5351,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5335,7 +5362,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -5346,21 +5373,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3316' + - '3525' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: string: '' headers: Atl-Request-Id: - - 3c548949-ab5d-49f9-8e58-dcd05b870bc3 + - 4f32e322-28cc-46db-88e8-6e43899854c6 Atl-Traceid: - - 3c548949ab5d49f98e58dcd05b870bc3 + - 4f32e32228cc46db88e86e43899854c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5368,7 +5395,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:32 GMT + - Sat, 24 May 2025 10:33:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5378,7 +5405,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=496,atl-edge;dur=463,atl-edge-internal;dur=17,atl-edge-upstream;dur=444,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="r8DwgrEeOw861BIdIyYgOSbLf50ToU_z7F9-_LanLTxjL40YTn47Tw==",cdn-downstream-fbl;dur=500 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=474,atl-edge;dur=465,atl-edge-internal;dur=15,atl-edge-upstream;dur=450,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1MtLGOtK4waTPfHlpYeix7_3-OIfzMl1CXjHbXnO6VsPZ16PnYtQyg==",cdn-downstream-fbl;dur=478 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5386,15 +5413,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - r8DwgrEeOw861BIdIyYgOSbLf50ToU_z7F9-_LanLTxjL40YTn47Tw== + - 1MtLGOtK4waTPfHlpYeix7_3-OIfzMl1CXjHbXnO6VsPZ16PnYtQyg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e5a9dacd88e4fd918f0db8a726ae01ea + - aa54e7a20a0b5dd312d09f536ca4901b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5420,27 +5447,28 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:18.266+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:32:51.688+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:18.244+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10873_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:32.381+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:51.661+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_8370_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:03.604+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5450,9 +5478,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5462,14 +5490,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8f5fbbe1-7b98-4dec-a091-fd18f298219b + - 958b67cc-1997-4cb5-a3e4-ecdaf11b9b7f Atl-Traceid: - - 8f5fbbe17b984deca091fd18f298219b + - 958b67cc19974cb5a3e4ecdaf11b9b7f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5479,7 +5507,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:32 GMT + - Sat, 24 May 2025 10:33:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
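Review bot: The re-recorded response body in this hunk commits a real Jira user's `emailAddress`, `accountId`, display name and gravatar hash to the repository, and the `X-Aaccountid` response header in the neighbouring hunks repeats the account id. Nothing in the visible request or response data appears to depend on those values, so they could be swapped for placeholders at record time, for example in a vcrpy `before_record_response` hook if that is how these cassettes are produced. The same applies to any other recorded response carrying `creator`/`reporter` objects. The recording configuration is outside this diff, so whether a scrubbing step already exists and simply misses these fields cannot be told from here.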
@@ -5489,7 +5517,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=221,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="LAd1z_SCAKEnEDfquDShzV3Hfg1vyKnWSbbDYp1fUPByGO_vVc8wgw==",cdn-downstream-fbl;dur=274 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=271,atl-edge;dur=264,atl-edge-internal;dur=17,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="nY1jt-mJctg9p5zX5j1xVmDIr7lDTOLlo1GBXwuvMMwwAZHDk5dGMA==",cdn-downstream-fbl;dur=276 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5499,15 +5527,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LAd1z_SCAKEnEDfquDShzV3Hfg1vyKnWSbbDYp1fUPByGO_vVc8wgw== + - nY1jt-mJctg9p5zX5j1xVmDIr7lDTOLlo1GBXwuvMMwwAZHDk5dGMA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 62c865a8f9bea90e27a080927b48d401 + - 4aa29935db6ae49ab03b4d9db8b2d21e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5535,15 +5563,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/transitions response: body: string: '' headers: Atl-Request-Id: - - 11368b03-3889-43e2-8ca5-353d51f20d5a + - 90f0c177-3789-42e0-94ca-a8ac3ea6b030 Atl-Traceid: - - 11368b03388943e28ca5353d51f20d5a + - 90f0c177378942e094caa8ac3ea6b030 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5551,7 +5579,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:33 GMT + - Sat, 24 May 2025 10:33:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5561,7 +5589,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="_yQ4Ybhd1ldn_OnE2JvhnG5LKL2epZyeYt1vxnLYTRs9pn2LqqM3rw==",cdn-downstream-fbl;dur=634,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=632,atl-edge;dur=556,atl-edge-internal;dur=25,atl-edge-upstream;dur=532,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=464,atl-edge;dur=456,atl-edge-internal;dur=20,atl-edge-upstream;dur=437,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xh9wkgflU2GbMzVwzzSU4Ou2On4DgFSDbqH2HByPo_fp7kJpL4CcdA==",cdn-downstream-fbl;dur=468 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5569,15 +5597,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d4aa84013921cdd269ab20fbd29fbe1e.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _yQ4Ybhd1ldn_OnE2JvhnG5LKL2epZyeYt1vxnLYTRs9pn2LqqM3rw== + - xh9wkgflU2GbMzVwzzSU4Ou2On4DgFSDbqH2HByPo_fp7kJpL4CcdA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 3240ea1f661e810daf51d547f6112a50 + - f2710652bd4b94b9b8139c19651f34aa X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5606,12 +5634,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:34.172+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:04.968+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 0664f2a0-1022-4f5e-af33-389667af552a + - 198f461a-cba2-4dd2-ba6c-7e3bee6eb8a2 Atl-Traceid: - - 0664f2a010224f5eaf33389667af552a + - 198f461acba24dd2ba6c7e3bee6eb8a2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5621,7 +5649,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:34 GMT + - Sat, 24 May 2025 10:33:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5631,7 +5659,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=242,atl-edge;dur=155,atl-edge-internal;dur=15,atl-edge-upstream;dur=141,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="waUjs4EpE9dnz4P_CnsISozmz1MbLuqlVcFyjz9DAxxozeIq8wtSwA==",cdn-downstream-fbl;dur=245 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=103,atl-edge-internal;dur=16,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="csgbe8Xu2qCaUSJmxQG0bLZWsN4ATUiJnermQwFagShEE6wV5FE7oA==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5641,15 +5669,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - waUjs4EpE9dnz4P_CnsISozmz1MbLuqlVcFyjz9DAxxozeIq8wtSwA== + - csgbe8Xu2qCaUSJmxQG0bLZWsN4ATUiJnermQwFagShEE6wV5FE7oA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 75cfc6c62aee2a3af24a78b07acdc4ee + - 0ed549584628cfdcd429696eb2ef2241 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5675,28 +5703,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:33.443+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:33:04.446+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:33.442+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:04.445+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5706,9 +5735,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5718,14 +5747,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 17f5b17d-1005-4ea9-bf39-62933c07a02e + - 2a0317e7-a82d-4c37-84d3-53c741fad131 Atl-Traceid: - - 17f5b17d10054ea9bf3962933c07a02e + - 2a0317e7a82d4c3784d353c741fad131 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5735,7 +5764,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:34 GMT + - Sat, 24 May 2025 10:33:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5745,7 +5774,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=270,atl-edge-internal;dur=13,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="3-YXd7fPFYr2zQOTXZayBhAE7rpPwwlXG3STmuo_wlOmiq6YrW8brg==",cdn-downstream-fbl;dur=307 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=207,atl-edge;dur=200,atl-edge-internal;dur=16,atl-edge-upstream;dur=184,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="lYVtqBuvnVJTGSpeE38315DTudKzpNa3Myp-Bx18Bfp22Mygu72XpA==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5755,15 +5784,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3-YXd7fPFYr2zQOTXZayBhAE7rpPwwlXG3STmuo_wlOmiq6YrW8brg== + - lYVtqBuvnVJTGSpeE38315DTudKzpNa3Myp-Bx18Bfp22Mygu72XpA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 89edea0a4c59a15080236ef24f321729 + - 99709fa330e1564ea4cc47978fb2e14d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5801,9 +5830,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f79f1e78-2469-4410-92bc-67f97188cec4 + - bd9825cc-f8a6-4924-971c-29a5f4e9d581 Atl-Traceid: - - f79f1e782469441092bc67f97188cec4 + - bd9825ccf8a64924971c29a5f4e9d581 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5813,7 +5842,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:35 GMT + - Sat, 24 May 2025 10:33:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5823,7 +5852,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="BvbbzR5xVrIHwpIGI9r33C6apS6C86thr3CuNiFCVCH512UZQtv_mg==",cdn-downstream-fbl;dur=396,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=393,atl-edge;dur=306,atl-edge-internal;dur=32,atl-edge-upstream;dur=266,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="eEeFSr8J2DCgTDz8ZxfdHk6yCnFE8r5PXAvY1WndmPxy0TSIxibhog==",cdn-downstream-fbl;dur=317,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=314,atl-edge;dur=285,atl-edge-internal;dur=21,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5833,18 +5862,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd759629cc514da7a59a47ab24885b18.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BvbbzR5xVrIHwpIGI9r33C6apS6C86thr3CuNiFCVCH512UZQtv_mg== + - eEeFSr8J2DCgTDz8ZxfdHk6yCnFE8r5PXAvY1WndmPxy0TSIxibhog== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 3a1dc2748a96c6fc33fbe9e8f1b08fee + - b2c7c1a48f9417bf038ed22b38de9670 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5858,19 +5887,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5880,9 +5910,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5891,7 +5921,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -5902,21 +5932,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3316' + - '3525' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: string: '' headers: Atl-Request-Id: - - a248cbea-a05f-4a07-9680-16d784689dbe + - da9b96d5-df36-4923-8651-9974363fe99f Atl-Traceid: - - a248cbeaa05f4a07968016d784689dbe + - da9b96d5df36492386519974363fe99f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5924,7 +5954,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:35 GMT + - Sat, 24 May 2025 10:33:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5934,7 +5964,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=292,atl-edge;dur=259,atl-edge-internal;dur=14,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6cmhwiF-y5Ydgx4YEEncuNoKe-KGee8c0eWKqzJRHIRu3GZAZedazQ==",cdn-downstream-fbl;dur=296 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=291,atl-edge;dur=283,atl-edge-internal;dur=15,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="5Ebwo1tXp0Iw2-zNx2-vgEyAFKtXydPLh72e7BxnZKRRWmdRRo0aZA==",cdn-downstream-fbl;dur=295 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5942,15 +5972,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6cmhwiF-y5Ydgx4YEEncuNoKe-KGee8c0eWKqzJRHIRu3GZAZedazQ== + - 5Ebwo1tXp0Iw2-zNx2-vgEyAFKtXydPLh72e7BxnZKRRWmdRRo0aZA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 318928042f65573f6449a6791b836fdc + - 7cf8736dfa2b7a15beb1d0d01b82cfdc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5976,28 +6006,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:33.443+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:33:04.446+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:33.442+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:04.445+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -6007,9 +6038,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -6019,14 +6050,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - be462415-35de-45f1-b6d6-f4be34657610 + - 87948b11-cf91-40ac-90a1-dcae8536dd18 Atl-Traceid: - - be46241535de45f1b6d6f4be34657610 + - 87948b11cf9140ac90a1dcae8536dd18 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6036,7 +6067,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:36 GMT + - Sat, 24 May 2025 10:33:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
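Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress` and Atlassian `accountId` inside the `creator` and `reporter` objects. The same account id is repeated in the `X-Aaccountid` response header in the later header hunks (`@@ -6056,15`, `@@ -6128,15`, `@@ -6288,15`, `@@ -6397,18`) and in the body of the `pg:5.1.0` issue hunk (`@@ -6249,16`). Nothing visible here suggests the tests assert on these values, so I would scrub them at record time; assuming the cassette is recorded with vcrpy, a `before_record_response` hook can rewrite the body fields to a fixed placeholder such as `"emailAddress":"redacted@example.invalid"` (constructed value) and drop the per-request id headers. Stable placeholders would also stop every re-recording from rewriting these lines. The recorded interaction starts and ends outside this hunk.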
@@ -6046,7 +6077,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="tzmHWlqONzYBXXqlEZFhCmKNkTqwUyqQx2-PeZgtd3dTWmzWP8WrVQ==",cdn-downstream-fbl;dur=371,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=368,atl-edge;dur=281,atl-edge-internal;dur=17,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=274,atl-edge;dur=266,atl-edge-internal;dur=16,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DBNtkgo8rfxYJ2llYYOsf2E82on4hL6Ca6Lwz5wwEYSwn5oa_y-bHg==",cdn-downstream-fbl;dur=279 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6056,15 +6087,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9832e15ad117dafc81b031983cbde91e.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tzmHWlqONzYBXXqlEZFhCmKNkTqwUyqQx2-PeZgtd3dTWmzWP8WrVQ== + - DBNtkgo8rfxYJ2llYYOsf2E82on4hL6Ca6Lwz5wwEYSwn5oa_y-bHg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 9c3c8ddc2d89414b7d93e48d0cec54e1 + - 417b87bb48e8a8b43ff43f6e72015204 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6093,12 +6124,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:36.470+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:06.690+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 868daadc-f67a-4abd-a4ad-44d54f5d3c8f + - b6ea1944-bc8f-4802-8b98-d0e99d28785b Atl-Traceid: - - 868daadcf67a4abda4ad44d54f5d3c8f + - b6ea1944bc8f48028b98d0e99d28785b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6108,7 +6139,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:36 GMT + - Sat, 24 May 2025 10:33:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6118,7 +6149,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=163,atl-edge-internal;dur=15,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="4V9YsMmni3XgGoxsz3ISlNQM1aeK_4VQQgobNKK-do0W62uzas4Ttg==",cdn-downstream-fbl;dur=201 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=104,atl-edge-internal;dur=16,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A9uH3eD85T5kLY2zK8qYy6_tVs5ejfJ3I2BvHceIM9t4cESjk2SeDQ==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6128,15 +6159,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4V9YsMmni3XgGoxsz3ISlNQM1aeK_4VQQgobNKK-do0W62uzas4Ttg== + - A9uH3eD85T5kLY2zK8qYy6_tVs5ejfJ3I2BvHceIM9t4cESjk2SeDQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c2ecc7937faf1fe55ea2cc7b7a3fd835 + - e0d2585d7aaf02027a22a1877314e8ce X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6162,39 +6193,39 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:24.135+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:55.912+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:24.108+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_14095_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:24.134+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:55.886+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10493_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:55.911+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Inactive, - Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Inactive, + Verified, Risk Accepted|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] 
| Inactive, - Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 - \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect Dojo link:* - http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -6217,16 +6248,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -6249,16 +6280,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 44aec7a5-ca8b-4495-b794-b13b4b23dd9d + - a3ce2a9f-f010-4263-b384-5eb70821cfc8 Atl-Traceid: - - 44aec7a5ca8b4495b794b13b4b23dd9d + - a3ce2a9ff0104263b3845eb70821cfc8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6268,7 +6299,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:36 GMT + - Sat, 24 May 2025 10:33:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6278,7 +6309,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=313,atl-edge;dur=280,atl-edge-internal;dur=14,atl-edge-upstream;dur=266,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="NBs6eU_paryLzRhgcZxGzcdAgylKbrGo_ZHUySXdnsC8Bj70ckuvEQ==",cdn-downstream-fbl;dur=316 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=192,atl-edge-internal;dur=15,atl-edge-upstream;dur=177,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7pMBMLaN_qSXUZrVblizSbbUcNqsBwvW5uS5O-_ztJsMRerWPBAdcA==",cdn-downstream-fbl;dur=207 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6288,15 +6319,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - NBs6eU_paryLzRhgcZxGzcdAgylKbrGo_ZHUySXdnsC8Bj70ckuvEQ== + - 7pMBMLaN_qSXUZrVblizSbbUcNqsBwvW5uS5O-_ztJsMRerWPBAdcA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9faa208fb358925a5af1f0e977053b37 + - 15a9b8190963cc54b66fc2e477d77645 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6334,9 +6365,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c36c4e59-b8bd-4372-be5b-3f879bb7b4b3 + - f9996b5c-d0bc-460a-8931-084196348710 Atl-Traceid: - - c36c4e59b8bd4372be5b3f879bb7b4b3 + - f9996b5cd0bc460a8931084196348710 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6346,7 +6377,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:37 GMT + - Sat, 24 May 2025 10:33:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6356,7 +6387,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="U8NDeClRBfAhYg7yeeofbn4aSzZGqbvkJ_XIXd1OsHtWY2q4Be1jMw==",cdn-downstream-fbl;dur=450,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=448,atl-edge;dur=363,atl-edge-internal;dur=16,atl-edge-upstream;dur=345,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=261,atl-edge;dur=254,atl-edge-internal;dur=14,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6tsHryx0TisRR-FRKP3OUsr5BPRpjO06c4urTQPz0MGNaAYtc1JWrg==",cdn-downstream-fbl;dur=266 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6366,18 +6397,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c80d7d73c19744418338fdf12216d306.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - U8NDeClRBfAhYg7yeeofbn4aSzZGqbvkJ_XIXd1OsHtWY2q4Be1jMw== + - 6tsHryx0TisRR-FRKP3OUsr5BPRpjO06c4urTQPz0MGNaAYtc1JWrg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 62eb802bf1bd59ecd8bf6bd6e9316dbd + - bf049b69c371bcd30a3b7cbc5f91141c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6391,29 +6422,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] - | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -6436,15 +6469,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* http://localhost:8080/finding/258 - (258)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect Dojo link:* http://localhost:8080/finding/295 + (295)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -6467,8 +6500,8 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -6479,21 +6512,21 @@ interactions: Connection: - keep-alive Content-Length: - - '6786' + - '6995' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: string: '' headers: Atl-Request-Id: - - cf2c1c52-7da0-48b2-9bd9-503e9725966b + - cb297080-325d-4563-bc5f-bfb9fc76063a Atl-Traceid: - - cf2c1c527da048b29bd9503e9725966b + - cb297080325d4563bc5fbfb9fc76063a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6501,7 +6534,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:38 GMT + - Sat, 24 May 2025 10:33:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6511,7 +6544,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="c6h1HKQFP0Qj1f7j0Hdt-b81DW5Qg35mC5_5ZFHz98tXUOfX-AboQg==",cdn-downstream-fbl;dur=602,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=598,atl-edge;dur=513,atl-edge-internal;dur=16,atl-edge-upstream;dur=496,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=496,atl-edge;dur=487,atl-edge-internal;dur=15,atl-edge-upstream;dur=472,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="aVPheABAeI6rt3jEEzouTkndSRZBHMvrsgGOFlDnFv8yOKRLlr5XEA==",cdn-downstream-fbl;dur=499 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6519,15 +6552,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f497fa2422d5b3ba3b34ed87ffef89a6.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - c6h1HKQFP0Qj1f7j0Hdt-b81DW5Qg35mC5_5ZFHz98tXUOfX-AboQg== + - aVPheABAeI6rt3jEEzouTkndSRZBHMvrsgGOFlDnFv8yOKRLlr5XEA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - db88438dc5eefd82cf47e341ae3506b8 + - 2f90241b4e82161b41a03c831ec87093 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6553,38 +6586,39 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:24.135+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:32:55.912+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:24.108+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_14095_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:38.071+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:55.886+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_10493_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:07.678+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -6607,16 +6641,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -6639,16 +6673,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - aecfdb29-48e1-44f4-96c1-d03a6bbdca52 + - c9b18710-34e3-4f9d-9354-b5df703caef8 Atl-Traceid: - - aecfdb2948e144f496c1d03a6bbdca52 + - c9b1871034e34f9d9354b5df703caef8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6658,7 +6692,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:38 GMT + - Sat, 24 May 2025 10:33:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6668,7 +6702,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=281,atl-edge;dur=248,atl-edge-internal;dur=13,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="nIqRRCGGTlMzeNpo6g0Zn0N5L6FyopMWmfdeLYAl9r0xoMcqDsm7aA==",cdn-downstream-fbl;dur=285 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SL4j_L0Ss24cN9iHQDTR9wtI4MnK4tCDxa6iPw_x128Mb0IoVYb3Zg==",cdn-downstream-fbl;dur=266,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=262,atl-edge;dur=233,atl-edge-internal;dur=17,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6678,15 +6712,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 73e04d645babcbb9ee8f20cc865b009c.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nIqRRCGGTlMzeNpo6g0Zn0N5L6FyopMWmfdeLYAl9r0xoMcqDsm7aA== + - SL4j_L0Ss24cN9iHQDTR9wtI4MnK4tCDxa6iPw_x128Mb0IoVYb3Zg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a4a55d50fb67a55aa1e3957cea6275aa + - 35818adbb8b27ba09897b53b512dfb4c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6714,15 +6748,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/transitions response: body: string: '' headers: Atl-Request-Id: - - 0b058833-c8b9-4c92-85f3-307203a1f453 + - 63ad15bb-9659-434b-bc51-1e87f99d8e46 Atl-Traceid: - - 0b058833c8b94c9285f3307203a1f453 + - 63ad15bb9659434bbc511e87f99d8e46 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6730,7 +6764,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:39 GMT + - Sat, 24 May 2025 10:33:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6740,7 +6774,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="llTdNCugFM5vV2w-qUIPCFzaKFB9pYxKDJ0fFKbEQ2QU9mmjYDiZTA==",cdn-downstream-fbl;dur=652,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=648,atl-edge;dur=569,atl-edge-internal;dur=18,atl-edge-upstream;dur=550,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=583,atl-edge;dur=575,atl-edge-internal;dur=16,atl-edge-upstream;dur=560,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="feU6iRq1cpTaa20WHwpP1KgNVUgH6udQ1zfpp65KIDfIo7MC0DJ6Mw==",cdn-downstream-fbl;dur=587 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6748,15 +6782,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e5e63ac90c6eb4f962029f46116f994.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - llTdNCugFM5vV2w-qUIPCFzaKFB9pYxKDJ0fFKbEQ2QU9mmjYDiZTA== + - feU6iRq1cpTaa20WHwpP1KgNVUgH6udQ1zfpp65KIDfIo7MC0DJ6Mw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 070c0cbf43916c3675f8530668c04bb9 + - d25d33fdd3f29d872b342d9f4a332a88 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6785,12 +6819,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:39.814+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:09.262+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e0131558-4612-4325-a786-911db62f8f34 + - 4975ed42-ac31-4b76-8425-fceb34d6f1d1 Atl-Traceid: - - e013155846124325a786911db62f8f34 + - 4975ed42ac314b768425fceb34d6f1d1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6800,7 +6834,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:39 GMT + - Sat, 24 May 2025 10:33:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6810,7 +6844,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=204,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=156,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="xb4gQjscBSUBxmsaGCDdgbtPN1xPJZ3YMVidrC6-BUx688gqKLnRqQ==",cdn-downstream-fbl;dur=207 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=16,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uTebj4Y25BJoeRoKPKwuAxXJ2OmSD5V4Dg2jWji_DtIXFuzToXJiTg==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6820,15 +6854,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - xb4gQjscBSUBxmsaGCDdgbtPN1xPJZ3YMVidrC6-BUx688gqKLnRqQ== + - uTebj4Y25BJoeRoKPKwuAxXJ2OmSD5V4Dg2jWji_DtIXFuzToXJiTg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 4b1e9e10edef4671c49f4878ab9583e1 + - a6fbaa8d5cdca75c649515a17383fdbc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6854,25 +6888,26 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18195","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195","key":"NTEST-1850","fields":{"statuscategorychangedate":"2025-04-30T18:25:27.134+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19659","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659","key":"NTEST-2987","fields":{"statuscategorychangedate":"2025-05-24T12:32:59.589+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:27.123+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:12.710+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_14424_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:27.134+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:59.565+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:47.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_12158_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:32:59.589+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* - May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* None \n\nFindings matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings + *not* matching the Active, and Severity criteria:\n|| Severity || CVE || CWE + || Component || Version || Title || Status ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Inactive, + Verified, Risk Accepted|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -6881,14 +6916,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 30d07c07-e551-4e71-a819-5f5064548627 + - fbf6e310-c24a-49d5-9f72-fad867fb1527 Atl-Traceid: - - 30d07c07e5514e71a8195f5064548627 + - fbf6e310c24a49d59f72fad867fb1527 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6898,7 +6933,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:40 GMT + - Sat, 24 May 2025 10:33:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6908,7 +6943,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="BfNd3MenLpNvCrUumMRMzp7SZQHdeTwNHREvQo50-pO3AnEo_lG3AA==",cdn-downstream-fbl;dur=307,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=305,atl-edge;dur=233,atl-edge-internal;dur=15,atl-edge-upstream;dur=218,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=256,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DOarNquDhhPJGns1SlvGfxTFrzvG2alK7_oGvYSu5eC6DO9uAQ-9kA==",cdn-downstream-fbl;dur=260 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6918,15 +6953,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BfNd3MenLpNvCrUumMRMzp7SZQHdeTwNHREvQo50-pO3AnEo_lG3AA== + - DOarNquDhhPJGns1SlvGfxTFrzvG2alK7_oGvYSu5eC6DO9uAQ-9kA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - e752ff054dd4a0bb80a5fee09483f930 + - 0494209c188f38fa97b85c8581c527dc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6964,9 +6999,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - a3fc4e76-e9e7-4e38-a30e-65b44be3c6da + - 736f8b0f-a8b8-4500-b06b-e8bd30e2c247 Atl-Traceid: - - a3fc4e76e9e74e38a30e65b44be3c6da + - 736f8b0fa8b84500b06be8bd30e2c247 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6976,7 +7011,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:40 GMT + - Sat, 24 May 2025 10:33:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6986,7 +7021,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="Ip7T2SUNhbRlmsU3OppGTK96Z6T318Flv52AbtU9uMymH0CkMgINGQ==",cdn-downstream-fbl;dur=357,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=354,atl-edge;dur=269,atl-edge-internal;dur=15,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=268,atl-edge-internal;dur=18,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TkPkfkPpYwGSICxipZvSM7BR88P4g5aa14bIIvLbdBg5FzmIbpaLLQ==",cdn-downstream-fbl;dur=279 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6996,18 +7031,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9a3eef6ee6df44793fb3d5e366a7238.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Ip7T2SUNhbRlmsU3OppGTK96Z6T318Flv52AbtU9uMymH0CkMgINGQ== + - TkPkfkPpYwGSICxipZvSM7BR88P4g5aa14bIIvLbdBg5FzmIbpaLLQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - cf4e4fc8ec24014b74d37f23cc0cbdbe + - 1a7f8fcced432454c526abb3bbaae49a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7021,16 +7056,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -7038,7 +7075,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -7049,21 +7086,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1927' + - '2153' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: string: '' headers: Atl-Request-Id: - - ae375aa9-6a26-4616-9aef-a420d1bd3e4a + - 63211710-27af-438b-9837-323897f82ea1 Atl-Traceid: - - ae375aa96a2646169aefa420d1bd3e4a + - 6321171027af438b9837323897f82ea1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7071,7 +7108,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:41 GMT + - Sat, 24 May 2025 10:33:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7081,7 +7118,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=510,atl-edge;dur=477,atl-edge-internal;dur=15,atl-edge-upstream;dur=462,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="THvb0ca_sYwxEpeXQxCByBI7hgQHhurnQkrdFlCl-EjxfTDw-fz8Gw==",cdn-downstream-fbl;dur=517 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="z9x_xcNl6vllitj5VMGCjC2sJug43FvWNYRh88IwdChsLEn0zxU_5Q==",cdn-downstream-fbl;dur=524,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=522,atl-edge;dur=494,atl-edge-internal;dur=17,atl-edge-upstream;dur=478,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7089,15 +7126,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - THvb0ca_sYwxEpeXQxCByBI7hgQHhurnQkrdFlCl-EjxfTDw-fz8Gw== + - z9x_xcNl6vllitj5VMGCjC2sJug43FvWNYRh88IwdChsLEn0zxU_5Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8bb2f2457e8c4afa04b73facd45ff150 + - 2713a4be18445213e42ee4ab365a2ff6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7123,24 +7160,26 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18195 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19659 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18195","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195","key":"NTEST-1850","fields":{"statuscategorychangedate":"2025-04-30T18:25:27.134+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19659","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659","key":"NTEST-2987","fields":{"statuscategorychangedate":"2025-05-24T12:32:59.589+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"customfield_10035":null,"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-04-30T18:25:27.123+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:12.710+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_14424_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:41.188+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + has been completed on this 
issue.","name":"Done"},"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-05-24T12:32:59.565+0200","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:47.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_12158_*|*_10002_*:*_1_*:*_0","priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ev:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:10.388+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/6] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/933] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/259]\n*Defect - Dojo link:* http://localhost:8080/finding/259 (259)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/294]\n*Defect + Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -7149,14 +7188,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18195/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19659/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 03d72ed3-54ef-40a9-a702-747d0647d9e4 + - e9d4a7d4-9eb6-48c6-ac64-03e0eb09544e Atl-Traceid: - - 03d72ed354ef40a9a702747d0647d9e4 + - e9d4a7d49eb648c6ac6403e0eb09544e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7166,7 +7205,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:41 GMT + - Sat, 24 May 2025 10:33:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
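Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId` and Gravatar hash (the `creator` and `reporter` objects) to the repository. The same account id also appears in the `X-Aaccountid` response header in the neighbouring hunks of this cassette. None of this looks necessary for the replayed tests, so it is better scrubbed at record time than left in version control. If the cassettes are recorded with vcrpy (the format suggests so, but the recorder config is not visible here), a `before_record_response` hook could replace those fields with fixed placeholders such as `"emailAddress":"redacted@example.invalid"` and drop `X-Aaccountid`. It is also worth confirming that request headers such as `Authorization` are covered by `filter_headers`, since the request sections of these interactions are only partly shown in this hunk.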
@@ -7176,7 +7215,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ZSmreBAWlF0N_uJqsjnI2aF4EbViqHizdroI-r06XZAlFJhbdP9AqA==",cdn-downstream-fbl;dur=313 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8GECAzq5mfZQSx4kmKCFKrpGlDSNllPcUKBo53v9NpJX5aSiW2CXXA==",cdn-downstream-fbl;dur=233,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=231,atl-edge;dur=205,atl-edge-internal;dur=16,atl-edge-upstream;dur=189,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7186,15 +7225,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZSmreBAWlF0N_uJqsjnI2aF4EbViqHizdroI-r06XZAlFJhbdP9AqA== + - 8GECAzq5mfZQSx4kmKCFKrpGlDSNllPcUKBo53v9NpJX5aSiW2CXXA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 41ead92f5369ef5b951f3cc8f2b50e80 + - bb9c3fa6d9130fa52428dd1ffbe2ed03 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7222,15 +7261,15 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1850/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2987/transitions response: body: string: '' headers: Atl-Request-Id: - - dece76e9-f5d5-4903-a0d0-b368e4cfea73 + - b1d59398-babf-4d06-95ad-8f03b064c0c5 Atl-Traceid: - - dece76e9f5d54903a0d0b368e4cfea73 + - b1d59398babf4d0695ad8f03b064c0c5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7238,7 +7277,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:42 GMT + - Sat, 24 May 2025 10:33:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7248,7 +7287,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=637,atl-edge;dur=603,atl-edge-internal;dur=17,atl-edge-upstream;dur=587,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mbOaSVxe_ee35YqoRGlelFmOn-WzBGDeXbcTW_5FtK2Bft15gEGkXQ==",cdn-downstream-fbl;dur=642 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=432,atl-edge;dur=424,atl-edge-internal;dur=15,atl-edge-upstream;dur=408,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="g46LT86wUATi_P7AiXe3JW4TkMBi3urjkwFLKYgYCUYM91kdcPUmTg==",cdn-downstream-fbl;dur=435 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7256,15 +7295,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ae39d1ac6bb931d0ff3d636fc3e249de.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mbOaSVxe_ee35YqoRGlelFmOn-WzBGDeXbcTW_5FtK2Bft15gEGkXQ== + - g46LT86wUATi_P7AiXe3JW4TkMBi3urjkwFLKYgYCUYM91kdcPUmTg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8f0afaa6d7c94497db2897920c63e3fb + - 0e8c3fbc831fd5f2f430d1cd84781140 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7293,12 +7332,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:42.944+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:11.723+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d965b00a-817f-4870-bc7c-b8e06dc09735 + - 38608283-f39b-4d3d-bcec-a347d734d04b Atl-Traceid: - - d965b00a817f4870bc7cb8e06dc09735 + - 38608283f39b4d3dbceca347d734d04b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7308,7 +7347,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:42 GMT + - Sat, 24 May 2025 10:33:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7318,7 +7357,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=218,atl-edge;dur=185,atl-edge-internal;dur=13,atl-edge-upstream;dur=170,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="9nlN03wwezWHAAH99ui8h1RFrmAfY7A23iAGrwldhg_dB1J7Lkxktg==",cdn-downstream-fbl;dur=223 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=16,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="PLtsiIRF2uOEnQtJ1XNYZ2x3didWBQwKdmn8qsIaoBKUL0A6MHpM-A==",cdn-downstream-fbl;dur=112 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7328,15 +7367,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9nlN03wwezWHAAH99ui8h1RFrmAfY7A23iAGrwldhg_dB1J7Lkxktg== + - PLtsiIRF2uOEnQtJ1XNYZ2x3didWBQwKdmn8qsIaoBKUL0A6MHpM-A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d10f894fff6e0e6308b2fa9599de872f + - de276df6522aae8fa356a8f848b2588d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7362,39 +7401,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:39.163+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:33:08.536+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:39.163+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:08.535+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -7417,16 +7457,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -7449,16 +7489,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3757980e-8a1c-4060-bb53-dffe1f597db3 + - d718e9e8-b24f-43c1-a17b-c66df3968fdc Atl-Traceid: - - 3757980e8a1c4060bb53dffe1f597db3 + - d718e9e8b24f43c1a17bc66df3968fdc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7468,7 +7508,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:43 GMT + - Sat, 24 May 2025 10:33:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
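Review bot: The re-recorded response body in this hunk commits the recording user's Atlassian `accountId`, `emailAddress` and gravatar hash in the `creator` and `reporter` objects. The `X-Aaccountid` response header in the later hunks of this cassette carries the same id. The assertions presumably do not depend on these values, so they could be replaced with placeholders at record time; if the cassette is recorded with vcrpy, a `before_record_response` hook can rewrite both the body fields and the header. That keeps personal identifiers out of the repository and stops every re-record by a different developer from churning these lines. The recorded interaction begins before this hunk, so the same fields may appear elsewhere in the file.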
@@ -7478,7 +7518,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="2kJF5_kaHDbt9y6BLu-R91l6Z-XiqtwU-d_DESXFrQtYuxQhUnpXmA==",cdn-downstream-fbl;dur=327,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=325,atl-edge;dur=242,atl-edge-internal;dur=15,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=229,atl-edge;dur=222,atl-edge-internal;dur=15,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="i1TFeQB7Efc7lju3icDpUkvkLUIihk6Y56S5XjxiC2kpY9nRP5LlqA==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7488,15 +7528,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2kJF5_kaHDbt9y6BLu-R91l6Z-XiqtwU-d_DESXFrQtYuxQhUnpXmA== + - i1TFeQB7Efc7lju3icDpUkvkLUIihk6Y56S5XjxiC2kpY9nRP5LlqA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 34c5a2259c157bcdcbda186982009763 + - a25006ba77818fa787b1bcfebd7f600c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7534,9 +7574,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 63424d6b-8c68-4697-9e29-b54e2fdbac2e + - 6bc88de4-5e12-460b-8508-96717f74accb Atl-Traceid: - - 63424d6b8c6846979e29b54e2fdbac2e + - 6bc88de45e12460b850896717f74accb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7546,7 +7586,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:43 GMT + - Sat, 24 May 2025 10:33:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7556,7 +7596,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="rgbFQMP5twFLvcqQoNf1EsZQka8oA_IpalfMTZCgHmczefZzi3URkg==",cdn-downstream-fbl;dur=394,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=389,atl-edge;dur=306,atl-edge-internal;dur=16,atl-edge-upstream;dur=290,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=282,atl-edge;dur=274,atl-edge-internal;dur=17,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gSm7AGulANSC9Hg50-IPeAub7cgUF4F9Xd6ncRk2S_9qFcnEoUwjxA==",cdn-downstream-fbl;dur=285 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7566,18 +7606,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 603f7fca6e96da4aaee2b5219f231c92.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rgbFQMP5twFLvcqQoNf1EsZQka8oA_IpalfMTZCgHmczefZzi3URkg== + - gSm7AGulANSC9Hg50-IPeAub7cgUF4F9Xd6ncRk2S_9qFcnEoUwjxA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 81df23db505dbf55485f0232f14c7493 + - 109b2be9c7e9967847401628558e32e7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7591,29 +7631,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] - | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -7636,15 +7678,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* http://localhost:8080/finding/258 - (258)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect Dojo link:* http://localhost:8080/finding/295 + (295)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -7667,8 +7709,8 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -7679,21 +7721,21 @@ interactions: Connection: - keep-alive Content-Length: - - '6786' + - '6995' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: string: '' headers: Atl-Request-Id: - - 7b52759c-4830-4a86-b030-071371ad3fd2 + - 31ffe26a-5753-4347-a809-8465fc8e45c9 Atl-Traceid: - - 7b52759c48304a86b030071371ad3fd2 + - 31ffe26a57534347a8098465fc8e45c9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7701,7 +7743,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:44 GMT + - Sat, 24 May 2025 10:33:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7711,7 +7753,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="2VsQ-IDe2h3xMwPQ1djsHZKfoKyD_hZu7dmObU688f2znNCo5LpNGQ==",cdn-downstream-fbl;dur=386,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=71,cdn-upstream-fbl;dur=382,atl-edge;dur=288,atl-edge-internal;dur=24,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=261,atl-edge;dur=253,atl-edge-internal;dur=18,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="L_e7I5yCMTrEUneQd-8QKdcFSjnRqvPCzBnpErPsJi6FdXuE7Hv_cg==",cdn-downstream-fbl;dur=265 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7719,15 +7761,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a4888bfa57444daa340ca8dc53629170.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2VsQ-IDe2h3xMwPQ1djsHZKfoKyD_hZu7dmObU688f2znNCo5LpNGQ== + - L_e7I5yCMTrEUneQd-8QKdcFSjnRqvPCzBnpErPsJi6FdXuE7Hv_cg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - ae44e1e462c2399d94c76d23a6961fa5 + - 168739b021004661a2dfcb1a7052c776 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7753,39 +7795,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18193 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19658 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18193","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193","key":"NTEST-1849","fields":{"statuscategorychangedate":"2025-04-30T18:25:39.163+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19658","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658","key":"NTEST-2986","fields":{"statuscategorychangedate":"2025-05-24T12:33:08.536+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:10.039+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:39.163+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:45.418+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010en:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:08.535+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/5] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/932] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/258] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/260]\n*Defect - Dojo link:* http://localhost:8080/finding/260 (260)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/293]\n*Defect + Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -7808,16 +7851,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/258]\n*Defect Dojo link:* - http://localhost:8080/finding/258 (258)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/295]\n*Defect + Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -7840,16 +7883,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1849/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18193/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2986/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19658/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 38ab8b22-d755-43c7-bb68-b60f217e1aef + - 2c437c8e-6f12-4518-8a8e-96124957b58a Atl-Traceid: - - 38ab8b22d75543c7bb68b60f217e1aef + - 2c437c8e6f1245188a8e96124957b58a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7859,7 +7902,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:44 GMT + - Sat, 24 May 2025 10:33:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
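Review bot: The re-recorded Jira response body on the new side of this hunk commits a real user's `emailAddress`, `accountId`, `displayName` and Gravatar hash under `creator` and `reporter`, and the same account id recurs in the `X-Aaccountid` header hunks that follow and in the `issue/19657` response further down. The earlier recording held the same kind of data for a different account, so this predates the commit, but a re-record is the natural point to scrub it. Assuming these cassettes are written by vcrpy (the configuration is not visible here), a response hook such as `before_record_response=scrub_jira_identity` (constructed name) could replace those fields and the `X-Aaccountid` header with fixed placeholders before the cassette is saved. The webhook cassette later in this diff already records `Token xxx` for its auth header, so masking identity fields would match existing practice. The YAML `string:` value this hunk edits begins before the hunk.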
@@ -7869,7 +7912,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=251,atl-edge-internal;dur=13,atl-edge-upstream;dur=237,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="AMigyvEaAqwRxCcAOLpW4ZTnBCk3F_MAf7jx6zM0QbtMtlUHO6Qikw==",cdn-downstream-fbl;dur=287 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=217,atl-edge;dur=209,atl-edge-internal;dur=16,atl-edge-upstream;dur=194,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="RqicB-gsezm0pilgkiPTulNQLIOyzpJuqkPOKfzy7D3lDciit84BFw==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7879,15 +7922,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - AMigyvEaAqwRxCcAOLpW4ZTnBCk3F_MAf7jx6zM0QbtMtlUHO6Qikw== + - RqicB-gsezm0pilgkiPTulNQLIOyzpJuqkPOKfzy7D3lDciit84BFw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 04641e041aa2e03c9bbfb9356c0f9cfb + - fa24ff484c3170fe0abcb9f4b27b20ae X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7916,12 +7959,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:45.239+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:13.285+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - eb910215-808a-48bd-8368-ca03456f7187 + - e3529727-df31-4208-8114-b45178f5b040 Atl-Traceid: - - eb910215808a48bd8368ca03456f7187 + - e3529727df3142088114b45178f5b040 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7931,7 +7974,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:45 GMT + - Sat, 24 May 2025 10:33:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7941,7 +7984,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=191,atl-edge;dur=159,atl-edge-internal;dur=14,atl-edge-upstream;dur=145,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JvZHQk6NEbaTNLPMSewEJaI7R_SQdIMMs0sJKnKvHfmYL4iEUKn_fQ==",cdn-downstream-fbl;dur=197 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=113,atl-edge;dur=105,atl-edge-internal;dur=12,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="FvICC65lNzshNyNlxaHt-nrMWJvypoiD54LdDJxd39fChzwp_2o_NA==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7951,15 +7994,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JvZHQk6NEbaTNLPMSewEJaI7R_SQdIMMs0sJKnKvHfmYL4iEUKn_fQ== + - FvICC65lNzshNyNlxaHt-nrMWJvypoiD54LdDJxd39fChzwp_2o_NA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 367d852d576722f6709fd2c13ed88579 + - 6da49b7123b105423b934aaae50a63de X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7985,28 +8028,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18191 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19657 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18191","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191","key":"NTEST-1848","fields":{"statuscategorychangedate":"2025-04-30T18:25:33.443+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19657","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657","key":"NTEST-2985","fields":{"statuscategorychangedate":"2025-05-24T12:33:04.446+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:07.393+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t13:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:33.442+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:32:43.318+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ef:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:04.445+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/4] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/931] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/97]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/257] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/104]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/292]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/257]\n*Defect Dojo link:* http://localhost:8080/finding/257 - (257)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 + (292)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8016,9 +8060,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/256]\n*Defect - Dojo link:* http://localhost:8080/finding/256 (256)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291]\n*Defect + Dojo link:* http://localhost:8080/finding/291 (291)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8028,14 +8072,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1848/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18191/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2985/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19657/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 42f56751-bc5a-46be-b88a-9c0e83f852db + - 739d8433-f3fe-4b01-a7f6-3a53b29f6f26 Atl-Traceid: - - 42f56751bc5a46beb88a9c0e83f852db + - 739d8433f3fe4b01a7f63a53b29f6f26 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8045,7 +8089,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:45 GMT + - Sat, 24 May 2025 10:33:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8055,7 +8099,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="l5Hbb2edRfWPrHdvcmf-sE6D5M92TMjAaMZqrLayNxedy0pMUUdUfA==",cdn-downstream-fbl;dur=312,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=310,atl-edge;dur=224,atl-edge-internal;dur=15,atl-edge-upstream;dur=209,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=208,atl-edge-internal;dur=17,atl-edge-upstream;dur=192,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sJw_vskszjNxgmTfOw_i0G4CWsGkOMI9JPRQpK294lDqwzJz3OW22w==",cdn-downstream-fbl;dur=220 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8065,15 +8109,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e5e63ac90c6eb4f962029f46116f994.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - l5Hbb2edRfWPrHdvcmf-sE6D5M92TMjAaMZqrLayNxedy0pMUUdUfA== + - sJw_vskszjNxgmTfOw_i0G4CWsGkOMI9JPRQpK294lDqwzJz3OW22w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - d7854d07453969a75ff5190428bb40a7 + - 7b4d25e0adaa7fa5aae839a1e173f2ae X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira.yaml index f574ab6f5d6..b1a1b8bb156 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira.yaml 
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/", + "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 98, "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/"}}' + 105, "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/"}}' headers: Accept: - application/json @@ -20,11 +20,11 @@ interactions: Connection: - keep-alive Content-Length: - - '838' + - '843' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -36,15 +36,15 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"838\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:42964\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:43552\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/98/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 98, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/98/\\\"}}\",\n \"files\": + null, \\\"id\\\": 105, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 98,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n - \ \"url_ui\": \"http://localhost:8080/test/98\"\n },\n \"title\": + 105,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n + \ \"url_ui\": \"http://localhost:8080/test/105\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n \"url_ui\": - \"http://localhost:8080/test/98\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n \"url_ui\": + \"http://localhost:8080/test/105\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:45 GMT + - Sat, 24 May 2025 10:33:12 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/", + "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 98, "url_ui": "http://localhost:8080/test/98", "url_api": "http://localhost:8080/api/v2/tests/98/"}, - "finding_count": 2, "findings": {"new": [{"id": 261, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/261", - "url_api": "http://localhost:8080/api/v2/findings/261/"}, {"id": 262, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/262", - "url_api": "http://localhost:8080/api/v2/findings/262/"}], "reactivated": [], + 105, "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/"}, + "finding_count": 2, "findings": {"new": [{"id": 296, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/296", + "url_api": "http://localhost:8080/api/v2/findings/296/"}, {"id": 297, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/297", + "url_api": "http://localhost:8080/api/v2/findings/297/"}], "reactivated": [], "mitigated": [], 
"untouched": []}}' headers: Accept: @@ -109,11 +109,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1310' + - '1315' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -125,53 +125,54 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1310\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:42972\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:43554\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/98/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/105/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 98, \\\"url_ui\\\": \\\"http://localhost:8080/test/98\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/98/\\\"}, \\\"finding_count\\\": - 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 261, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 105, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 296, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/261\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/261/\\\"}, - {\\\"id\\\": 262, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/262\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/262/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/296\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/296/\\\"}, + {\\\"id\\\": 297, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/297\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/297/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 261,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n 
\"url_api\": \"http://localhost:8080/api/v2/findings/261/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/261\"\n },\n - \ {\n \"id\": 262,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/262/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/262\"\n }\n ],\n + \ \"id\": 296,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/296/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/296\"\n },\n + \ {\n \"id\": 297,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/297/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/297\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 98,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n - \ \"url_ui\": \"http://localhost:8080/test/98\"\n },\n \"title\": + 105,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n + \ \"url_ui\": \"http://localhost:8080/test/105\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/98/\",\n - \ \"url_ui\": \"http://localhost:8080/test/98\",\n \"user\": null\n }\n}\n" + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n + \ \"url_ui\": \"http://localhost:8080/test/105\",\n \"user\": null\n + \ }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -180,7 +181,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:45 GMT + - Sat, 24 May 2025 10:33:12 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml index 8b8a26c1f0d..3b1ef197626 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_but_push_all.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:46.307+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:14.048+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a1eb0eeb-128c-474e-b22e-51d39ec8abfe + - 62dd4193-6551-475e-b5c6-e4eaf5e7b50f Atl-Traceid: - - a1eb0eeb128c474eb22e51d39ec8abfe + - 62dd41936551475eb5c6e4eaf5e7b50f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:46 GMT + - Sat, 24 May 2025 10:33:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="I9vwyciRp2gEM26o7b6OvjMCZiIpud5WNPXllk5doiu4p4QV8RZ9Nw==",cdn-downstream-fbl;dur=241,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=238,atl-edge;dur=159,atl-edge-internal;dur=16,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=109,atl-edge-internal;dur=16,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Wg9s94QGa6zE-94VHI3V6wyTDrQTNNrQ9Dj-xSQ2w9YizoWmOzE4WA==",cdn-downstream-fbl;dur=120 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 04a2159f61dab28d4b7610df116a191a.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - I9vwyciRp2gEM26o7b6OvjMCZiIpud5WNPXllk5doiu4p4QV8RZ9Nw== + - Wg9s94QGa6zE-94VHI3V6wyTDrQTNNrQ9Dj-xSQ2w9YizoWmOzE4WA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4f08c9ccd305a21ddfaf3ef5d735f4b5 + - 86f75db32af72d8128cc253ede327952 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
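Review bot: The re-recorded response headers in the `@@ -53,15 +53,15 @@` hunk still commit `X-Aaccountid`, which looks like the Atlassian account ID of whoever recorded the cassette. The same header recurs in the `-131,18` and `-219,15` hunks of this file and in the cassette before it. The `Token xxx` placeholder in the webhook cassette suggests request auth is already scrubbed, but vcrpy's `filter_headers` only covers request headers, so response headers need a `before_record_response` hook, e.g. `response["headers"].pop("X-Aaccountid", None)`. The removed body lines at `-273,14` show `accountId` and `emailAddress` inside the `creator`/`reporter` objects, so the new bodies presumably carry the recorder's details too and could be masked in the same hook. Where the VCR instance is configured is not visible in this diff, so the hook placement needs confirming, as does the assumption that replay does not depend on these fields.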
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 91f6dacf-c1da-4cb5-945a-d6de016009fd + - 1d1f7a9d-f2d1-4d48-bd7a-37eeb1e43134 Atl-Traceid: - - 91f6dacfc1da4cb5945ad6de016009fd + - 1d1f7a9df2d14d48bd7a37eeb1e43134 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:46 GMT + - Sat, 24 May 2025 10:33:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="5X9Jv12v-gQYK-b9S6H9JXRNBtjZpMihFqVhCcjLJPdntgAMpu7-Xg==",cdn-downstream-fbl;dur=337,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=335,atl-edge;dur=262,atl-edge-internal;dur=16,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=247,atl-edge-internal;dur=17,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="BEfv_zDUe5pgjGEtXXIFwIjCjn5IIfEAg0u4VXOT5FI48znHtdOVaw==",cdn-downstream-fbl;dur=260 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 72fcd81c14e3eb0facf41fedad65e9e4.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 5X9Jv12v-gQYK-b9S6H9JXRNBtjZpMihFqVhCcjLJPdntgAMpu7-Xg== + - BEfv_zDUe5pgjGEtXXIFwIjCjn5IIfEAg0u4VXOT5FI48znHtdOVaw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b619e9f3ce34157570e61336e5643d9a + - 60698278c40b82dcdb35b3108c80ff28 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/263]\n\n*Defect - Dojo link:* http://localhost:8080/finding/263 (263)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/298]\n\n*Defect + Dojo link:* http://localhost:8080/finding/298 (298)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1322' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18197","key":"NTEST-1851","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18197"}' + string: '{"id":"19660","key":"NTEST-2988","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19660"}' headers: Atl-Request-Id: - - 09a3e2a8-7238-47bf-8685-f0f32c0575a7 + - 2209ba68-08d4-4af1-a1cf-147e06a81a0a Atl-Traceid: - - 09a3e2a8723847bf8685f0f32c0575a7 + - 2209ba6808d44af1a1cf147e06a81a0a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:47 GMT + - Sat, 24 May 2025 10:33:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=738,atl-edge;dur=706,atl-edge-internal;dur=16,atl-edge-upstream;dur=690,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="bCH5LBzvpHuKGhs2xnP9WBh_UbH6N5K0mMSiErl3QlSiM62YbXZFOg==",cdn-downstream-fbl;dur=743 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="yUsRIXmT7i19dJGG1RdgGZB1VDxQaot5YNXCD0FDDhvoOvUtDAbDsg==",cdn-downstream-fbl;dur=711,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=708,atl-edge;dur=680,atl-edge-internal;dur=17,atl-edge-upstream;dur=663,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - bCH5LBzvpHuKGhs2xnP9WBh_UbH6N5K0mMSiErl3QlSiM62YbXZFOg== + - yUsRIXmT7i19dJGG1RdgGZB1VDxQaot5YNXCD0FDDhvoOvUtDAbDsg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 339e5e8ba8a9ed9745e18d79131cbdfc + - 5bcb0c9f7dc5fbe27341ab8659e1677d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1851 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2988 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18197","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18197","key":"NTEST-1851","fields":{"statuscategorychangedate":"2025-04-30T18:25:47.646+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19660","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19660","key":"NTEST-2988","fields":{"statuscategorychangedate":"2025-05-24T12:33:15.090+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1851/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:47.341+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:47.428+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2988/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:14.767+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010f3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:14.850+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/263]\n\n*Defect - Dojo link:* http://localhost:8080/finding/263 (263)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/298]\n\n*Defect + Dojo link:* http://localhost:8080/finding/298 (298)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1851/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18197/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2988/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19660/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 82c08659-679e-42fa-9823-181e7e37e505 + - 225a2ab2-15e1-43da-bbcc-ccbde44a205c Atl-Traceid: - - 82c08659679e42fa9823181e7e37e505 + - 225a2ab215e143dabbccccbde44a205c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:48 GMT + - Sat, 24 May 2025 10:33:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
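Review bot: The re-recorded response body in the `@@ -273,14 +273,14 @@` hunk still stores the recording user's `emailAddress`, `accountId` and `displayName` under `creator` and `reporter`, together with a gravatar URL derived from that email. The `X-Aaccountid` response header in the later header hunks repeats the account id, and the `@@ -364,14 +364,14 @@` hunk has the same body fields. Because cassettes are committed, each re-recording swaps one maintainer's personal data for another's instead of removing it. Scrubbing at record time would avoid that, for example a vcrpy `before_record_response` hook that rewrites those fields to fixed placeholders such as `"emailAddress":"user@example.invalid"` and drops `X-Aaccountid`. Whether any test asserts on these values is not visible from this hunk, so confirm that before replacing them.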
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=292,atl-edge-internal;dur=19,atl-edge-upstream;dur=272,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mABwK6D-SingVTUtRtWtS5omJVuidqYqOdRBFLt3L2gYwIAmLv4gAQ==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=318,atl-edge;dur=311,atl-edge-internal;dur=18,atl-edge-upstream;dur=293,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="x2o-NA75BrlfXw0oE5mOHp5mvLos4wvUL6fq1SJa-dD_4DPoo81iXg==",cdn-downstream-fbl;dur=321 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mABwK6D-SingVTUtRtWtS5omJVuidqYqOdRBFLt3L2gYwIAmLv4gAQ== + - x2o-NA75BrlfXw0oE5mOHp5mvLos4wvUL6fq1SJa-dD_4DPoo81iXg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9a427da558585e30b7bd735e0a438a67 + - 6d1981b70e730faa26a02c2c7244e375 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18197 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19660 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18197","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18197","key":"NTEST-1851","fields":{"statuscategorychangedate":"2025-04-30T18:25:47.646+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19660","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19660","key":"NTEST-2988","fields":{"statuscategorychangedate":"2025-05-24T12:33:15.090+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1851/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:47.341+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:47.428+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2988/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:14.767+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010f3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:14.850+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/263]\n\n*Defect - Dojo link:* http://localhost:8080/finding/263 (263)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/298]\n\n*Defect + Dojo link:* http://localhost:8080/finding/298 (298)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1851/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18197/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2988/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19660/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a9edd810-4408-4023-8fcb-26d37cd69982 + - d500804e-34c1-4b52-b4f5-4e0ca4d6a33e Atl-Traceid: - - a9edd810440840238fcb26d37cd69982 + - d500804e34c14b52b4f54e0ca4d6a33e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:48 GMT + - Sat, 24 May 2025 10:33:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="4KEYHWqBvRb37qUXMTAyXK902AclcHFi_BE0RmyZq6N7Q0oiSC3AMA==",cdn-downstream-fbl;dur=503,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=500,atl-edge;dur=415,atl-edge-internal;dur=14,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=258,atl-edge-internal;dur=16,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mIvnKAnk2OqvBQMzbS60C7vrq5pDZASTq0bvDdcEfyhKzlCT6yvAxQ==",cdn-downstream-fbl;dur=271 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 57f0537bdb26692a5be92bbbe93e4ea2.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4KEYHWqBvRb37qUXMTAyXK902AclcHFi_BE0RmyZq6N7Q0oiSC3AMA== + - mIvnKAnk2OqvBQMzbS60C7vrq5pDZASTq0bvDdcEfyhKzlCT6yvAxQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 41c01f988292fac52906b2d36d18c081 + - 77febe010d71882c2455e5a2bedfba2e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:49.321+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:16.139+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ba0e8568-f21d-4489-bd2b-4a7f88f11e27 + - 5f6ca9fd-35af-45c7-a784-0fd06d7fc028 Atl-Traceid: - - ba0e8568f21d4489bd2b4a7f88f11e27 + - 5f6ca9fd35af45c7a7840fd06d7fc028 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:49 GMT + - Sat, 24 May 2025 10:33:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=176,atl-edge;dur=143,atl-edge-internal;dur=15,atl-edge-upstream;dur=129,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="SYhPPRybGbdTnMo7iDodAdPS5xcEakb0laL6XYxF_du2RjWQ38zz6Q==",cdn-downstream-fbl;dur=179 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=113,atl-edge;dur=105,atl-edge-internal;dur=15,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="IzjfQXeMjW2BttNaQ6f4WMnTuY85tvFeLxcpKP9-Owe1Xg54B_oHEw==",cdn-downstream-fbl;dur=118 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a183b6545fea485604515ba7931cb9b8.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - SYhPPRybGbdTnMo7iDodAdPS5xcEakb0laL6XYxF_du2RjWQ38zz6Q== + - IzjfQXeMjW2BttNaQ6f4WMnTuY85tvFeLxcpKP9-Owe1Xg54B_oHEw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 72ea4759aee751b8a2a155e9881ffda7 + - 3cee67e3dec0f0731f5cfb213ce37e5f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 367477bf-4de3-479a-9517-30348af63c4e + - 9a5e5418-6769-4649-b745-d4f15451699f Atl-Traceid: - - 367477bf4de3479a951730348af63c4e + - 9a5e541867694649b745d4f15451699f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:49 GMT + - Sat, 24 May 2025 10:33:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=332,atl-edge;dur=299,atl-edge-internal;dur=17,atl-edge-upstream;dur=282,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HDo7FrhZw_tDDe0i4lCQRxFgDKe9qE1m-Uy3ugXgF4MvZhXMnwJ-1A==",cdn-downstream-fbl;dur=336 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=280,atl-edge-internal;dur=17,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="u_7l5rp0VFXexDDxjubXOfjlY3w6JEjC2kyTs14OHgUt2y1ZfBQxSw==",cdn-downstream-fbl;dur=293 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1b7fa09f50c08a88d619f90eef5ee94a.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HDo7FrhZw_tDDe0i4lCQRxFgDKe9qE1m-Uy3ugXgF4MvZhXMnwJ-1A== + - u_7l5rp0VFXexDDxjubXOfjlY3w6JEjC2kyTs14OHgUt2y1ZfBQxSw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - cb68eec149bf5710ec075902af517d4b + - 552bb97550b633127fd5eb819857c085 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/264]\n\n*Defect - Dojo link:* http://localhost:8080/finding/264 (264)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/299]\n\n*Defect + Dojo link:* http://localhost:8080/finding/299 (299)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1322' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18199","key":"NTEST-1852","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18199"}' + string: '{"id":"19661","key":"NTEST-2989","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19661"}' headers: Atl-Request-Id: - - b6ce82b6-d7ec-4b26-8e79-b2f78e911b23 + - dc83bc29-80b7-4ef3-9fc8-edefdac3ae12 Atl-Traceid: - - b6ce82b6d7ec4b268e79b2f78e911b23 + - dc83bc2980b74ef39fc8edefdac3ae12 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:50 GMT + - Sat, 24 May 2025 10:33:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="cU4J2O01Ch14sMIRwgaLXmuOhykilt41kOJHAlwvODq0TsgF3lojiw==",cdn-downstream-fbl;dur=779,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=775,atl-edge;dur=690,atl-edge-internal;dur=17,atl-edge-upstream;dur=674,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=635,atl-edge;dur=628,atl-edge-internal;dur=16,atl-edge-upstream;dur=612,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ak0JHaAAxuTwlgQ42FMRCddr73furzUiyXom6FchJdiecck_MMiaiA==",cdn-downstream-fbl;dur=640 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0730d54c3f7ca2a2e0c1b4cda1ebc0aa.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cU4J2O01Ch14sMIRwgaLXmuOhykilt41kOJHAlwvODq0TsgF3lojiw== + - ak0JHaAAxuTwlgQ42FMRCddr73furzUiyXom6FchJdiecck_MMiaiA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - a9b301f7ccd90c8ce862aea6b08546f6 + - bc406b1833f54cea47f5af38b830b21e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
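Review bot: The re-recorded cassette commits the recording user's identity to the fixture: the `X-Aaccountid` response header in this hunk (and again in the hunks at -730 and -821) now holds a full Atlassian account id. The response bodies in the hunks at -693 and -784 add the matching `accountId`, `emailAddress`, `displayName` and Gravatar hash under `creator` and `reporter`. Nothing in the visible requests depends on these values, so they could presumably be scrubbed at record time, for example with a vcrpy `before_record_response` hook that swaps them for fixed placeholders; confirm first that no test asserts on them. That would also stop these lines churning each time a different maintainer re-records. The recorded interaction this hunk belongs to starts and ends outside the hunk.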
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1852 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2989 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18199","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18199","key":"NTEST-1852","fields":{"statuscategorychangedate":"2025-04-30T18:25:50.653+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19661","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19661","key":"NTEST-2989","fields":{"statuscategorychangedate":"2025-05-24T12:33:17.170+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1852/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:50.366+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:50.453+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2989/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:16.892+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:16.960+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/264]\n\n*Defect - Dojo link:* http://localhost:8080/finding/264 (264)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/299]\n\n*Defect + Dojo link:* http://localhost:8080/finding/299 (299)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1852/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18199/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2989/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19661/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - cd18d5e2-4642-44c5-bd2a-7aa3c2546b25 + - 034e991b-7488-431b-893d-894a8413d5c9 Atl-Traceid: - - cd18d5e2464244c5bd2a7aa3c2546b25 + - 034e991b7488431b893d894a8413d5c9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT + - Sat, 24 May 2025 10:33:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=269,atl-edge-internal;dur=15,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qsBkjTD2-KrnV6sWPT6KN5tYJ_VO71QsWCNvlSNpVYHopAUGAe8jhg==",cdn-downstream-fbl;dur=305 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=250,atl-edge;dur=242,atl-edge-internal;dur=16,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iXnjH9voASibH80MZPKzdDhJVzBJczwaZRtbgPWTZEHz-Yp4F9005g==",cdn-downstream-fbl;dur=253 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qsBkjTD2-KrnV6sWPT6KN5tYJ_VO71QsWCNvlSNpVYHopAUGAe8jhg== + - iXnjH9voASibH80MZPKzdDhJVzBJczwaZRtbgPWTZEHz-Yp4F9005g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - bf4c281268de91a7d9c39d2a58753a4c + - ea5664521c7d9b0065f5ec6fcade8566 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18199 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19661 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18199","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18199","key":"NTEST-1852","fields":{"statuscategorychangedate":"2025-04-30T18:25:50.653+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19661","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19661","key":"NTEST-2989","fields":{"statuscategorychangedate":"2025-05-24T12:33:17.170+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1852/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:50.366+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t1z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:50.453+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2989/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:16.892+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:16.960+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/264]\n\n*Defect - Dojo link:* http://localhost:8080/finding/264 (264)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/299]\n\n*Defect + Dojo link:* http://localhost:8080/finding/299 (299)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/99]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1852/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18199/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2989/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19661/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 63d08bc5-1d33-453e-b3b5-497593ebc64e + - 4d398937-7890-4729-9ce9-492558d0c31d Atl-Traceid: - - 63d08bc51d33453eb3b5497593ebc64e + - 4d398937789047299ce9492558d0c31d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT + - Sat, 24 May 2025 10:33:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="zfooMFI38V4CuOkbtwTHnOk7lNwRLwGp8FozffcJfknMZ4lpckAK6A==",cdn-downstream-fbl;dur=359,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=356,atl-edge;dur=274,atl-edge-internal;dur=18,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=243,atl-edge;dur=236,atl-edge-internal;dur=17,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="k4PPavzs5Cs0iDktId9QsUrdK_aJclSZWFSUeebDW2ul49hQ_6jjSw==",cdn-downstream-fbl;dur=247 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 40867fef594010a8d9ec2cb0a5cb2350.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zfooMFI38V4CuOkbtwTHnOk7lNwRLwGp8FozffcJfknMZ4lpckAK6A== + - k4PPavzs5Cs0iDktId9QsUrdK_aJclSZWFSUeebDW2ul49hQ_6jjSw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 5e4a382eae385c7443f46b8a9bfef409 + - 7fdd55fe01a6003de1dedba6c2fc6605 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/", + "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 99, "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/"}}' + 106, "url_ui": "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/"}}' headers: Accept: - application/json @@ -860,11 +860,11 @@ interactions: Connection: - keep-alive Content-Length: - - '838' + - '843' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -876,15 +876,15 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"838\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47952\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:43562\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/99/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/106/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 99, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/99/\\\"}}\",\n \"files\": + null, \\\"id\\\": 106, \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/106/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 99,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n - \ \"url_ui\": \"http://localhost:8080/test/99\"\n },\n \"title\": + 106,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n + \ \"url_ui\": \"http://localhost:8080/test/106\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n \"url_ui\": - \"http://localhost:8080/test/99\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n \"url_ui\": + \"http://localhost:8080/test/106\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT + - Sat, 24 May 2025 10:33:16 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/", + "url_ui": "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 99, "url_ui": "http://localhost:8080/test/99", "url_api": "http://localhost:8080/api/v2/tests/99/"}, - "finding_count": 2, "findings": {"new": [{"id": 263, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/263", - "url_api": "http://localhost:8080/api/v2/findings/263/"}, {"id": 264, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/264", - "url_api": "http://localhost:8080/api/v2/findings/264/"}], "reactivated": [], + 106, "url_ui": "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/"}, + "finding_count": 2, "findings": {"new": [{"id": 298, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/298", + "url_api": "http://localhost:8080/api/v2/findings/298/"}, {"id": 299, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/299", + "url_api": "http://localhost:8080/api/v2/findings/299/"}], "reactivated": [], "mitigated": [], 
"untouched": []}}' headers: Accept: @@ -949,11 +949,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1310' + - '1315' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -965,53 +965,54 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1310\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47956\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:43572\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/99/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/106/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 99, \\\"url_ui\\\": \\\"http://localhost:8080/test/99\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/99/\\\"}, \\\"finding_count\\\": - 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 263, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 106, \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/106/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 298, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/263\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/263/\\\"}, - {\\\"id\\\": 264, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/264\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/264/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/298\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/298/\\\"}, + {\\\"id\\\": 299, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/299\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/299/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 263,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n 
\"url_api\": \"http://localhost:8080/api/v2/findings/263/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/263\"\n },\n - \ {\n \"id\": 264,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/264/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/264\"\n }\n ],\n + \ \"id\": 298,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/298/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/298\"\n },\n + \ {\n \"id\": 299,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/299/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/299\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 99,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n - \ \"url_ui\": \"http://localhost:8080/test/99\"\n },\n \"title\": + 106,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n + \ \"url_ui\": \"http://localhost:8080/test/106\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/99/\",\n - \ \"url_ui\": \"http://localhost:8080/test/99\",\n \"user\": null\n }\n}\n" + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n + \ \"url_ui\": \"http://localhost:8080/test/106\",\n \"user\": null\n + \ }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -1020,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT + - Sat, 24 May 2025 10:33:16 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira.yaml index 84c63ed6d0c..e64978efa4f 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/", + "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 100, "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/"}}' + 107, "url_ui": "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47958\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:43586\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/107/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 100, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\"}}\",\n \"files\": + null, \\\"id\\\": 107, \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/107/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 100,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n - \ \"url_ui\": \"http://localhost:8080/test/100\"\n },\n \"title\": + 107,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n + \ \"url_ui\": \"http://localhost:8080/test/107\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n \"url_ui\": - \"http://localhost:8080/test/100\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n \"url_ui\": + \"http://localhost:8080/test/107\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT + - Sat, 24 May 2025 10:33:16 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/", + "url_ui": "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 100, "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/"}, - "finding_count": 2, "findings": {"new": [{"id": 265, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/265", - "url_api": "http://localhost:8080/api/v2/findings/265/"}, {"id": 266, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/266", - "url_api": "http://localhost:8080/api/v2/findings/266/"}], "reactivated": [], + 107, "url_ui": "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/"}, + "finding_count": 2, "findings": {"new": [{"id": 300, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/300", + "url_api": "http://localhost:8080/api/v2/findings/300/"}, {"id": 301, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/301", + "url_api": "http://localhost:8080/api/v2/findings/301/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47970\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:43588\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/100/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/107/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 100, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 265, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 107, \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/107/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 300, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/265\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/265/\\\"}, - {\\\"id\\\": 266, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/266\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/266/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/300\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/300/\\\"}, + {\\\"id\\\": 301, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/301\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/301/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 265,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/265/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/265\"\n },\n - \ {\n \"id\": 266,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/266/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/266\"\n }\n ],\n + \ \"id\": 300,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/300/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/300\"\n },\n + \ {\n \"id\": 301,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/301/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/301\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 100,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n - \ \"url_ui\": \"http://localhost:8080/test/100\"\n },\n \"title\": + 107,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n + \ \"url_ui\": \"http://localhost:8080/test/107\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n - \ \"url_ui\": \"http://localhost:8080/test/100\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n + \ \"url_ui\": \"http://localhost:8080/test/107\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: 
@@ -181,28 +181,14 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT + - Sat, 24 May 2025 10:33:16 GMT Transfer-Encoding: - chunked status: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 100, "url_ui": "http://localhost:8080/test/100", "url_api": "http://localhost:8080/api/v2/tests/100/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 265, "title": "Zap1: Cookie Without Secure Flag", "severity": - "Low", "url_ui": "http://localhost:8080/finding/265", "url_api": "http://localhost:8080/api/v2/findings/265/"}, - {"id": 266, "title": "Zap2: Cookie Without Secure Flag", "severity": "Low", - "url_ui": "http://localhost:8080/finding/266", "url_api": "http://localhost:8080/api/v2/findings/266/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -213,11 +199,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1321' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
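Review bot: The re-recorded request for the `scan_added_empty` event now has the body `'"scan_added.tpl"'` (Content-Length `16`), where the previous recording carried the full rendered payload with `finding_count` and the `untouched` findings. The echoed response in the next hunk (`@@ -229,64 +215,25 @@`) shows the same bare string in `data` and `json`. This looks like a template name being sent in place of the rendered template, but the notification code is not visible here, so that is an inference. If it is unintended, the re-recording has baked the regression into the fixture, and webhook receivers that parse the payload as an object would get a string. Please confirm the new body is intended, and if the test does not already do so, assert on the payload shape instead of relying on cassette replay.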
@@ -229,64 +215,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1321\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:47976\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 100, \\\"url_ui\\\": \\\"http://localhost:8080/test/100\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/100/\\\"}, \\\"finding_count\\\": 
- 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 265, \\\"title\\\": \\\"Zap1: Cookie - Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/265\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/265/\\\"}, {\\\"id\\\": - 266, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", \\\"severity\\\": - \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/266\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/266/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 265,\n \"severity\": - \"Low\",\n \"title\": \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/265/\",\n \"url_ui\": \"http://localhost:8080/finding/265\"\n - \ },\n {\n \"id\": 266,\n \"severity\": \"Low\",\n - \ \"title\": \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/266/\",\n \"url_ui\": \"http://localhost:8080/finding/266\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 100,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n - \ \"url_ui\": 
\"http://localhost:8080/test/100\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/100/\",\n - \ \"url_ui\": \"http://localhost:8080/test/100\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:43592\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:51 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:33:16 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml index e2672c49517..8300ca93298 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:52.373+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:18.539+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ce8a05aa-be87-4e9b-92b8-41359747a923 + - cdf223c0-e7b2-4305-9146-3d8791624a20 Atl-Traceid: - - ce8a05aabe874e9b92b841359747a923 + - cdf223c0e7b2430591463d8791624a20 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:52 GMT + - Sat, 24 May 2025 10:33:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="N-lM2T8ef-HzfGmYOQMGFvLFnxlXUoBGLQ9sPkVXhOAsUlXh0FfkWQ==",cdn-downstream-fbl;dur=250,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=248,atl-edge;dur=162,atl-edge-internal;dur=16,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=99,atl-edge-internal;dur=16,atl-edge-upstream;dur=84,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GfzlIgvB_D5nWzkMOFuzXA6cqDnTN1Fj0T5ED9SLjZprbCYKUr4byQ==",cdn-downstream-fbl;dur=111 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d71affbaf22baf23eab459f3d2ee77a.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - N-lM2T8ef-HzfGmYOQMGFvLFnxlXUoBGLQ9sPkVXhOAsUlXh0FfkWQ== + - GfzlIgvB_D5nWzkMOFuzXA6cqDnTN1Fj0T5ED9SLjZprbCYKUr4byQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 853865838dbf24342bf391b4dae1ab54 + - b8dd7842620d0b5ebc49e1902320c7f4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
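Review bot: The re-recorded cassette commits the recording user's Atlassian account identifier in the `X-Aaccountid` response header in this hunk, and again in the `@@ -131,18 +131,18 @@`, `@@ -219,15 +219,15 @@` and `@@ -310,15 +310,15 @@` hunks. The issue bodies in the `@@ -273,14 +273,14 @@` hunk also carry that user's `emailAddress`, `displayName` and `accountId`. The VCR setup is not visible in this diff, so it is unclear whether any scrubbing is configured, but the recorded values suggest these fields are stored as received. Consider a vcrpy `before_record_response` callback that replaces these fields and per-request headers such as `Atl-Traceid` and `X-Amz-Cf-Id` with fixed placeholders before the cassette is written. That keeps personal identifiers out of the repository and shrinks future re-record diffs to the lines that actually matter.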
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 89d7f4ba-6f18-4349-a16c-cc28c4bdcd43 + - 8d94fe65-1950-4f6f-b544-036568fb9a08 Atl-Traceid: - - 89d7f4ba6f184349a16ccc28c4bdcd43 + - 8d94fe6519504f6fb544036568fb9a08 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:52 GMT + - Sat, 24 May 2025 10:33:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=344,atl-edge;dur=311,atl-edge-internal;dur=16,atl-edge-upstream;dur=295,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="VHIpWCg_Wnl17mTKJ08Q-vSlk-WvYt2d7LLJX1sJds5IAE1GUmhSJg==",cdn-downstream-fbl;dur=347 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=230,atl-edge-internal;dur=16,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="InDGGS19I-ECPxHkA3ZK0m4U6vKnLIn79-J28O6QG6iuda_9FM2k4g==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - VHIpWCg_Wnl17mTKJ08Q-vSlk-WvYt2d7LLJX1sJds5IAE1GUmhSJg== + - InDGGS19I-ECPxHkA3ZK0m4U6vKnLIn79-J28O6QG6iuda_9FM2k4g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 64f6cd87f64a33e7b301cae9bc48bc92 + - 818c70fef69d53ed34744cef14fdc3df X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/267]\n\n*Defect - Dojo link:* http://localhost:8080/finding/267 (267)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/302]\n\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18201","key":"NTEST-1853","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201"}' + string: '{"id":"19662","key":"NTEST-2990","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662"}' headers: Atl-Request-Id: - - 9e29963f-6fc2-4d3c-a21c-a5ef0b07199d + - e55402b3-4e8d-41a0-8f13-f2aaa23b23c6 Atl-Traceid: - - 9e29963f6fc24d3ca21ca5ef0b07199d + - e55402b34e8d41a08f13f2aaa23b23c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:53 GMT + - Sat, 24 May 2025 10:33:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="zbC-sHTDKlVhq1matjCZweIehewWyTyChJ4Oa4PGbO3uDWOA76TUOA==",cdn-downstream-fbl;dur=756,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=753,atl-edge;dur=680,atl-edge-internal;dur=22,atl-edge-upstream;dur=659,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=621,atl-edge;dur=613,atl-edge-internal;dur=15,atl-edge-upstream;dur=599,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rtaQa3bxvru2eIV4OcQ7uqjUOXf1BFt4C3zIH6f4qKBMrVcHfQo59w==",cdn-downstream-fbl;dur=624 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 64d5385c423c2207e3680beec4636de8.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zbC-sHTDKlVhq1matjCZweIehewWyTyChJ4Oa4PGbO3uDWOA76TUOA== + - rtaQa3bxvru2eIV4OcQ7uqjUOXf1BFt4C3zIH6f4qKBMrVcHfQo59w== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 315543f832a2d8ce4dde2595cd976e61 + - 8f885fd7ceaa32cd0a0e3c189c2eb6ae X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18201","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201","key":"NTEST-1853","fields":{"statuscategorychangedate":"2025-04-30T18:25:53.620+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19662","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662","key":"NTEST-2990","fields":{"statuscategorychangedate":"2025-05-24T12:33:19.748+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:53.353+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t27:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:53.433+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:19.475+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:19.542+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/267]\n\n*Defect - Dojo link:* http://localhost:8080/finding/267 (267)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/302]\n\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3c67ae84-9827-4fdd-828d-27968a917349 + - c4fdea9d-7510-4892-83b2-7621a323f630 Atl-Traceid: - - 3c67ae8498274fdd828d27968a917349 + - c4fdea9d7510489283b27621a323f630 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:54 GMT + - Sat, 24 May 2025 10:33:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=255,atl-edge-internal;dur=14,atl-edge-upstream;dur=241,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="4h9lw7KhhtWck7bM9QCrHb2Uc5-A9JkZzFym3x0okxcWw_SJysofzw==",cdn-downstream-fbl;dur=292 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=222,atl-edge;dur=213,atl-edge-internal;dur=20,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_T3XBgsA4NaNoVanXWRtOXO8sgoH8xmcciVSICV9q0cqJ0kT8l20aw==",cdn-downstream-fbl;dur=226 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4h9lw7KhhtWck7bM9QCrHb2Uc5-A9JkZzFym3x0okxcWw_SJysofzw== + - _T3XBgsA4NaNoVanXWRtOXO8sgoH8xmcciVSICV9q0cqJ0kT8l20aw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 56200b731b472d7dc953ede9c4ef2b71 + - ea01174ecf34b099367fa8c8506dfd55 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18201 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19662 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18201","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201","key":"NTEST-1853","fields":{"statuscategorychangedate":"2025-04-30T18:25:53.620+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19662","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662","key":"NTEST-2990","fields":{"statuscategorychangedate":"2025-05-24T12:33:19.748+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:53.353+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t27:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:53.433+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:19.475+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:19.542+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/267]\n\n*Defect - Dojo link:* http://localhost:8080/finding/267 (267)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/302]\n\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 10bdb329-8c69-45c2-b892-d429f5b13924 + - 355430c0-d265-4a55-b692-fd72ba445ec8 Atl-Traceid: - - 10bdb3298c6945c2b892d429f5b13924 + - 355430c0d2654a55b692fd72ba445ec8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:54 GMT + - Sat, 24 May 2025 10:33:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
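Review bot: The re-recorded response body in this hunk stores a maintainer's Jira `accountId`, `emailAddress` and Gravatar hash in the `creator` and `reporter` objects (the same block recurs in `@@ -693`), and the `X-Aaccountid` response header in the later hunks (`@@ -401`, `@@ -473`, `@@ -551`, `@@ -639`, `@@ -730`) repeats the account id. The recording swaps one person's identifiers for another's, which suggests the cassette is written without scrubbing. If these are vcrpy cassettes, as the `interactions:` layout suggests, a `before_record_response` hook that rewrites those fields to fixed placeholders (for example `"emailAddress":"jira-user@example.invalid"`, a constructed value) would keep personal data out of the repository and make future re-recordings produce much smaller diffs. The same hook is the place to confirm that no `Authorization` or `Set-Cookie` values are captured; none are visible in this part of the diff, and the YAML document these hunks patch starts and ends outside them.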
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="UOt4ftFH3IVHPdzi13779PalgKy5palXQFH83fB3uzOSYcsUw_6gTg==",cdn-downstream-fbl;dur=332,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=330,atl-edge;dur=254,atl-edge-internal;dur=22,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=241,atl-edge;dur=234,atl-edge-internal;dur=15,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gOwe7BTCiBX0XgAl9T_lfGQn12crhX-j-om4cGDgRRh4diUEqbkeZw==",cdn-downstream-fbl;dur=245 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f82a4020c8fc9b14a403737c65661074.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - UOt4ftFH3IVHPdzi13779PalgKy5palXQFH83fB3uzOSYcsUw_6gTg== + - gOwe7BTCiBX0XgAl9T_lfGQn12crhX-j-om4cGDgRRh4diUEqbkeZw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b2be2d76fd72ec076afb18982bb8f546 + - be140bd27e3a53822b24da089d8fe49d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:54.922+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:20.956+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - cd392491-2293-4afa-a8ec-e86eb69d204a + - 2f22204d-8658-4553-b10c-447862c188d9 Atl-Traceid: - - cd39249122934afaa8ece86eb69d204a + - 2f22204d86584553b10c447862c188d9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:54 GMT + - Sat, 24 May 2025 10:33:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="RXHQehAdblUOTogSQcpbDDcamjZyifSTb1uaNro6N55zH0Rl_AenDQ==",cdn-downstream-fbl;dur=255,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=252,atl-edge;dur=166,atl-edge-internal;dur=17,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=108,atl-edge-internal;dur=13,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fbdFpPASAFdOjQZWP_ZlOzUKgbBKMzR4U1mxNxgyl8dD_9xXUkb6NA==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RXHQehAdblUOTogSQcpbDDcamjZyifSTb1uaNro6N55zH0Rl_AenDQ== + - fbdFpPASAFdOjQZWP_ZlOzUKgbBKMzR4U1mxNxgyl8dD_9xXUkb6NA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6da0288aeb611de26ec1187732228831 + - 2fdc67013a13a0edbd921b441f9ce3b3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - fbc00e08-a996-4896-899e-bff2dfee55a2 + - f472518c-aecc-428f-a72a-7813edf5c81c Atl-Traceid: - - fbc00e08a9964896899ebff2dfee55a2 + - f472518caecc428fa72a7813edf5c81c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:55 GMT + - Sat, 24 May 2025 10:33:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=359,atl-edge;dur=327,atl-edge-internal;dur=13,atl-edge-upstream;dur=314,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="TENArDj5YgUWFDRwZ0mrWVtSzvaWuS7IU6b4u8euVQpYbo6dQ4T0fg==",cdn-downstream-fbl;dur=364 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=254,atl-edge-internal;dur=16,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Fu8961VR1yJenQqGXF8LlELKYmVPf6TSbiZ7MzLgMeUfXWP3R11KJg==",cdn-downstream-fbl;dur=266 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - TENArDj5YgUWFDRwZ0mrWVtSzvaWuS7IU6b4u8euVQpYbo6dQ4T0fg== + - Fu8961VR1yJenQqGXF8LlELKYmVPf6TSbiZ7MzLgMeUfXWP3R11KJg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - afbd4d69586ca88c3889c288b29c49c1 + - 7cd49f43e79ec407895fbb3d782d3bdf X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/268]\n\n*Defect - Dojo link:* http://localhost:8080/finding/268 (268)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/303]\n\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18203","key":"NTEST-1854","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203"}' + string: '{"id":"19663","key":"NTEST-2991","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663"}' headers: Atl-Request-Id: - - 2e56b896-934a-4b05-addb-fbc796e0dbf8 + - 9084dc09-19a2-4882-b199-48a58c87961e Atl-Traceid: - - 2e56b896934a4b05addbfbc796e0dbf8 + - 9084dc0919a24882b19948a58c87961e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:56 GMT + - Sat, 24 May 2025 10:33:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="vtcSK0tTLdRMlB9PtqmuCyzJ1xiM9bHPvX9CpCi-xsb-jedWhSt_Lw==",cdn-downstream-fbl;dur=717,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=715,atl-edge;dur=633,atl-edge-internal;dur=16,atl-edge-upstream;dur=618,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=747,atl-edge;dur=739,atl-edge-internal;dur=16,atl-edge-upstream;dur=724,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-lDmfDMFBc0fB3cXXtp2g4Y48bzHKy-b_2IaJIE0Zuf3LAldOs4fUQ==",cdn-downstream-fbl;dur=750 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 05df0d22c8cc3d4b946b6f2dc43d6b9c.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vtcSK0tTLdRMlB9PtqmuCyzJ1xiM9bHPvX9CpCi-xsb-jedWhSt_Lw== + - -lDmfDMFBc0fB3cXXtp2g4Y48bzHKy-b_2IaJIE0Zuf3LAldOs4fUQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - f512abd5ff57690689b92248659694cb + - f7f5e52d00f7bc679d45af18bc5e13b3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18203","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203","key":"NTEST-1854","fields":{"statuscategorychangedate":"2025-04-30T18:25:56.133+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19663","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663","key":"NTEST-2991","fields":{"statuscategorychangedate":"2025-05-24T12:33:22.214+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:55.896+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:55.971+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:21.858+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:21.938+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/268]\n\n*Defect - Dojo link:* http://localhost:8080/finding/268 (268)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/303]\n\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5e3a7099-e0e8-414b-88ee-be347490ac3e + - 818f06bc-7cf7-442e-8ff7-a3f7952053e8 Atl-Traceid: - - 5e3a7099e0e8414b88eebe347490ac3e + - 818f06bc7cf7442e8ff7a3f7952053e8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:56 GMT + - Sat, 24 May 2025 10:33:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=293,atl-edge;dur=260,atl-edge-internal;dur=16,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="H5FGtnA_AU4Ce3O4YDL897ko_G-9ifK4J4aF-_9RyLWWLqKcojHR6A==",cdn-downstream-fbl;dur=298 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="C-WVK-cfxePOpY2qWMRoAUZW4NTBz6gim9kpokO8zjBIWyC1NWJ9MQ==",cdn-downstream-fbl;dur=253,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=250,atl-edge;dur=221,atl-edge-internal;dur=16,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - H5FGtnA_AU4Ce3O4YDL897ko_G-9ifK4J4aF-_9RyLWWLqKcojHR6A== + - C-WVK-cfxePOpY2qWMRoAUZW4NTBz6gim9kpokO8zjBIWyC1NWJ9MQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f8f52a4418f5095388a13dba465ac88c + - a198d8872c970f14e85e6554a4a427e5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18203 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19663 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18203","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203","key":"NTEST-1854","fields":{"statuscategorychangedate":"2025-04-30T18:25:56.133+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19663","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663","key":"NTEST-2991","fields":{"statuscategorychangedate":"2025-05-24T12:33:22.214+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:55.896+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:55.971+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:21.858+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:21.938+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/268]\n\n*Defect - Dojo link:* http://localhost:8080/finding/268 (268)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/303]\n\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 7d0820e7-00a5-49ba-8710-a0f09c14679b + - dab7dbec-43d5-48ea-96ad-1ac52696774c Atl-Traceid: - - 7d0820e700a549ba8710a0f09c14679b + - dab7dbec43d548ea96ad1ac52696774c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:57 GMT + - Sat, 24 May 2025 10:33:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
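Review bot: The re-recorded response body in the `@@ -784,14 +784,14 @@` hunk stores the recording user's `emailAddress`, `accountId` and `displayName` in the `creator` and `reporter` objects, so the cassette commits a real Atlassian account identity, and the `X-Aaccountid` response header in the `-730,15`, `-821,15` and `-1081,15` hunks repeats the same id. The request side appears to be scrubbed already (`Token xxx`), but nothing visible does the same for response data. If these cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites those JSON fields to fixed placeholders and drops `X-Aaccountid` would keep personal data out of the repository. It would also stop every re-recording by a different maintainer from changing these lines. The JSON string these lines belong to starts before this hunk's changed lines, so the same fields may occur in parts of the cassette not shown here.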
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="LxceReoEDufGa_Xn1P8ugxHgFLYFBo7KtEkLUOKOGpn_aGTFWbli3A==",cdn-downstream-fbl;dur=323,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=321,atl-edge;dur=247,atl-edge-internal;dur=18,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=209,atl-edge-internal;dur=16,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="346xky9cJkSgSp4HTyrIthxhyj_9qPJX-5sqlUfUox90b5EsDjO2OA==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d71affbaf22baf23eab459f3d2ee77a.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LxceReoEDufGa_Xn1P8ugxHgFLYFBo7KtEkLUOKOGpn_aGTFWbli3A== + - 346xky9cJkSgSp4HTyrIthxhyj_9qPJX-5sqlUfUox90b5EsDjO2OA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 16a19ddf2d39b19667810ff878a8f033 + - 20ffec2960a4b34eefe09ac34bcb06f5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/", + "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 101, "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/"}}' + 108, "url_ui": "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47978\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41340\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/108/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 101, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\"}}\",\n \"files\": + null, \\\"id\\\": 108, \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/108/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 101,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n - \ \"url_ui\": \"http://localhost:8080/test/101\"\n },\n \"title\": + 108,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n + \ \"url_ui\": \"http://localhost:8080/test/108\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n \"url_ui\": - \"http://localhost:8080/test/101\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n \"url_ui\": + \"http://localhost:8080/test/108\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:57 GMT + - Sat, 24 May 2025 10:33:20 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/", + "url_ui": "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 101, "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/"}, - "finding_count": 2, "findings": {"new": [{"id": 267, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/267", - "url_api": "http://localhost:8080/api/v2/findings/267/"}, {"id": 268, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/268", - "url_api": "http://localhost:8080/api/v2/findings/268/"}], "reactivated": [], + 108, "url_ui": "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/"}, + "finding_count": 2, "findings": {"new": [{"id": 302, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/302", + "url_api": "http://localhost:8080/api/v2/findings/302/"}, {"id": 303, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/303", + "url_api": "http://localhost:8080/api/v2/findings/303/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47994\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41354\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/101/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/108/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 101, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 267, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 108, \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/108/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 302, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/267\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/267/\\\"}, - {\\\"id\\\": 268, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/268\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/268/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/302\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/302/\\\"}, + {\\\"id\\\": 303, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/303\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/303/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 267,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/267/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/267\"\n },\n - \ {\n \"id\": 268,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/268/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/268\"\n }\n ],\n + \ \"id\": 302,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/302/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/302\"\n },\n + \ {\n \"id\": 303,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/303/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/303\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 101,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n - \ \"url_ui\": \"http://localhost:8080/test/101\"\n },\n \"title\": + 108,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n + \ \"url_ui\": \"http://localhost:8080/test/108\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n - \ \"url_ui\": \"http://localhost:8080/test/101\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n + \ \"url_ui\": \"http://localhost:8080/test/108\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:25:57 GMT + - Sat, 24 May 2025 10:33:20 GMT Transfer-Encoding: - chunked status: 
@@ -1046,12 +1046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:57.468+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:23.414+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8e87b336-5261-489b-92e4-e98a9d5e6383 + - 0211bfd7-d949-4b97-9951-5c8a67712a6a Atl-Traceid: - - 8e87b3365261489b92e4e98a9d5e6383 + - 0211bfd7d9494b9799515c8a67712a6a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1061,7 +1061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:57 GMT + - Sat, 24 May 2025 10:33:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1071,7 +1071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=183,atl-edge;dur=150,atl-edge-internal;dur=16,atl-edge-upstream;dur=134,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="eICMfGlfipST20ThJ5mpZjBHB251h6OH2Sf8ZBKgtsHV3xMdD0w5Kw==",cdn-downstream-fbl;dur=186 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=104,atl-edge-internal;dur=16,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="KlFImn6IMoe8WU7wyGhG2I2ny9B7Zt99Ef8GjNDZmWXjyH6kynDNLQ==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1081,15 +1081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - eICMfGlfipST20ThJ5mpZjBHB251h6OH2Sf8ZBKgtsHV3xMdD0w5Kw== + - KlFImn6IMoe8WU7wyGhG2I2ny9B7Zt99Ef8GjNDZmWXjyH6kynDNLQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 0d16bf58bd4f55f9a98bf93cef02d7df + - 690ddc1a818620c44149331674d404f1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1115,19 +1115,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18201 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19662 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18201","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201","key":"NTEST-1853","fields":{"statuscategorychangedate":"2025-04-30T18:25:53.620+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19662","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662","key":"NTEST-2990","fields":{"statuscategorychangedate":"2025-05-24T12:33:19.748+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:53.353+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t27:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:53.433+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:19.475+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:19.542+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/267]\n\n*Defect - Dojo link:* http://localhost:8080/finding/267 (267)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/302]\n\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1135,14 +1135,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 96c489e3-8c8b-4b45-9c80-a60897e5c83f + - 8c27d126-dfea-4a88-badd-2d917d0f9932 Atl-Traceid: - - 96c489e38c8b4b459c80a60897e5c83f + - 8c27d126dfea4a88badd2d917d0f9932 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1152,7 +1152,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:57 GMT + - Sat, 24 May 2025 10:33:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
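Review bot: The re-recorded response body in this hunk commits the recording user's Jira identity to the fixture: the `creator` and `reporter` objects carry `emailAddress`, `accountId` and `displayName`, and the `X-Aaccountid` response header repeats the account id in every interaction (the hunks at -1081, -1172, -1250, -1336 and -1427 show the same). The previous recording held the same fields, so this is not new, but each re-record swaps in another person's details and keeps them in repository history. Assuming the cassettes are recorded with vcrpy, `filter_headers` only covers request headers, so these values need a `before_record_response` hook that replaces them with fixed placeholders before the cassette is written. Whether the test setup already configures such a hook is not visible from this hunk.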
@@ -1162,7 +1162,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="VhIcHrec922lQeGSeGVKTvbacJnmi21zMnGtlcaLFUYQl38xFp3OMw==",cdn-downstream-fbl;dur=354,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=352,atl-edge;dur=269,atl-edge-internal;dur=14,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sfvswjs0A7_rhnjENtNycBpJXJ9CLXDf7lYyBCzxLn7Lm5tRaBcbLQ==",cdn-downstream-fbl;dur=254,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=252,atl-edge;dur=224,atl-edge-internal;dur=17,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1172,15 +1172,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f4931915c262d78fa3e94b48faa4f55a.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - VhIcHrec922lQeGSeGVKTvbacJnmi21zMnGtlcaLFUYQl38xFp3OMw== + - sfvswjs0A7_rhnjENtNycBpJXJ9CLXDf7lYyBCzxLn7Lm5tRaBcbLQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 80feaeb46ecd9faf91fd081bb20889e7 + - 039174580bde91443a5cd67683676398 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1218,9 +1218,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 40b21243-d262-4935-bd8f-5d64604f72b1 + - 09b08307-1e8f-4487-b796-4d326b7e7175 Atl-Traceid: - - 40b21243d2624935bd8f5d64604f72b1 + - 09b083071e8f4487b7964d326b7e7175 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1230,7 +1230,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:58 GMT + - Sat, 24 May 2025 10:33:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1240,7 +1240,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=320,atl-edge;dur=286,atl-edge-internal;dur=19,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0KIcQ37oWGsREV3aOR9_QdONN63pPJU8hIf_yOgBRcM5uLXEh5_Cfw==",cdn-downstream-fbl;dur=323 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=286,atl-edge;dur=279,atl-edge-internal;dur=17,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Wm5AF_-SUlmjSe8ZhnZfWMQxWSb3VS_j8PD1tJpq2H0Ci0Q4A2ZA4g==",cdn-downstream-fbl;dur=291 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1250,18 +1250,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0KIcQ37oWGsREV3aOR9_QdONN63pPJU8hIf_yOgBRcM5uLXEh5_Cfw== + - Wm5AF_-SUlmjSe8ZhnZfWMQxWSb3VS_j8PD1tJpq2H0Ci0Q4A2ZA4g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c0318c6e03857bceba01c726b3fc2f8e + - 7e6868cd6e280c49f2cee6fd59c44357 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1274,11 +1274,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/267]\n\n*Defect - Dojo link:* http://localhost:8080/finding/267 (267)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/302]\n\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1296,21 +1296,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18201 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19662 response: body: string: '' headers: Atl-Request-Id: - - ae5a9139-6013-46b9-8455-4087049db188 + - ac907853-e9ec-4397-a8cc-daa0ffa1c911 Atl-Traceid: - - ae5a9139601346b984554087049db188 + - ac907853e9ec4397a8ccdaa0ffa1c911 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1318,7 +1318,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:58 GMT + - Sat, 24 May 2025 10:33:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1328,7 +1328,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=316,atl-edge;dur=284,atl-edge-internal;dur=17,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Gj-1UPdBZnGHAwsIrvjKsTnJGAdxq929GSFbP8ONROYqi2firuFo9Q==",cdn-downstream-fbl;dur=320 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=276,atl-edge;dur=268,atl-edge-internal;dur=16,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Q4gzH-3V0yCTQNxqMjuXBif5kdsMv2m41ipwrxPlZgpmVdHCEy-9ng==",cdn-downstream-fbl;dur=282 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1336,15 +1336,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Gj-1UPdBZnGHAwsIrvjKsTnJGAdxq929GSFbP8ONROYqi2firuFo9Q== + - Q4gzH-3V0yCTQNxqMjuXBif5kdsMv2m41ipwrxPlZgpmVdHCEy-9ng== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 13c1db5e6471961cd6d5a9ac184e80c5 + - b2f99a8240fe9c4d9fcc408729df12a1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,19 +1370,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18201 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19662 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18201","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201","key":"NTEST-1853","fields":{"statuscategorychangedate":"2025-04-30T18:25:53.620+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19662","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662","key":"NTEST-2990","fields":{"statuscategorychangedate":"2025-05-24T12:33:19.748+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:53.353+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t27:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:53.433+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:19.475+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:19.542+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/267]\n\n*Defect - Dojo link:* http://localhost:8080/finding/267 (267)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/302]\n\n*Defect + Dojo link:* http://localhost:8080/finding/302 (302)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1390,14 +1390,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1853/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18201/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2990/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19662/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5c7d381a-b10c-43cc-aeb4-1e9613b56c0c + - 83a6055a-6eb0-4291-8fe0-d5e2d76e51cb Atl-Traceid: - - 5c7d381ab10c43ccaeb41e9613b56c0c + - 83a6055a6eb042918fe0d5e2d76e51cb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1407,7 +1407,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:59 GMT + - Sat, 24 May 2025 10:33:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1417,7 +1417,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=299,atl-edge;dur=266,atl-edge-internal;dur=14,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="-wjLoxVeB8wPkuWO9TziqEtUIDcf-tW70xsJ68rtLQUBDwh4JspCyg==",cdn-downstream-fbl;dur=302 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=237,atl-edge;dur=230,atl-edge-internal;dur=19,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1Dcsae_t9Zz4wt6JRnpbD5Xtj_rau39IYsDS8NMpHV65ejN9dsd2iQ==",cdn-downstream-fbl;dur=241 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1427,15 +1427,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -wjLoxVeB8wPkuWO9TziqEtUIDcf-tW70xsJ68rtLQUBDwh4JspCyg== + - 1Dcsae_t9Zz4wt6JRnpbD5Xtj_rau39IYsDS8NMpHV65ejN9dsd2iQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3c450836e3c083d15b66b0420c3a7e39 + - e08c677cacc0d68a03ee0a69fc2dde8a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
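Review bot: The new `X-Aaccountid` value in this hunk is the recording user's Atlassian account id, and the response bodies in the hunks at -1553 and -1808 carry the same id together with `emailAddress` and `displayName`, so each re-record commits a maintainer's personal identifiers to the fixture. The old side shows the same fields for the previous recorder, so the cassette appears to be written unscrubbed. If the recorder is vcrpy (the `interactions:` layout suggests it), a `before_record_response` hook could replace `emailAddress`, `accountId`, `displayName` and the `X-Aaccountid` header with fixed placeholders before the cassette is written. The same hook could normalise per-request values such as `Atl-Request-Id`, `X-Amz-Cf-Id` and `Date`, which would shrink these diffs to the lines that actually changed. The recording configuration is not visible here, so confirm that no replayed test asserts on those fields.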
@@ -1464,12 +1464,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:25:59.741+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:25.018+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ce2fa487-a9ed-4daa-8e7e-4054599aec9e + - 072aabf4-c4ad-4735-aa65-742fab085a9f Atl-Traceid: - - ce2fa487a9ed4daa8e7e4054599aec9e + - 072aabf4c4ad4735aa65742fab085a9f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1479,7 +1479,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:25:59 GMT + - Sat, 24 May 2025 10:33:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1489,7 +1489,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="olDypmnvFcSuKsvu1quldiyH_-zaGjKoZ7TRcHSvMnzLtop1H60uGA==",cdn-downstream-fbl;dur=247,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=244,atl-edge;dur=158,atl-edge-internal;dur=20,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wIQpB6z5UpmRfqWdI5BuTaTQDDECxmQrmv807f66NjiYtimB3mko7w==",cdn-downstream-fbl;dur=118,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=107,atl-edge-internal;dur=15,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1499,15 +1499,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0835ebd52ef8594cd8aa4dac9cfbd9a8.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - olDypmnvFcSuKsvu1quldiyH_-zaGjKoZ7TRcHSvMnzLtop1H60uGA== + - wIQpB6z5UpmRfqWdI5BuTaTQDDECxmQrmv807f66NjiYtimB3mko7w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1bd9a3d78cb703d12edb57ae95f6b068 + - d1964ffc3ee452b9dedab5575404d8a7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1533,19 +1533,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18203 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19663 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18203","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203","key":"NTEST-1854","fields":{"statuscategorychangedate":"2025-04-30T18:25:56.133+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19663","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663","key":"NTEST-2991","fields":{"statuscategorychangedate":"2025-05-24T12:33:22.214+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:55.896+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:55.971+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:21.858+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:21.938+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/268]\n\n*Defect - Dojo link:* http://localhost:8080/finding/268 (268)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/303]\n\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1553,14 +1553,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2094b0c0-544f-4577-a9c2-a31a9c1fcf75 + - f5a9b6f0-ad92-49d8-a55a-9a997d92e2c5 Atl-Traceid: - - 2094b0c0544f4577a9c2a31a9c1fcf75 + - f5a9b6f0ad9249d8a55a9a997d92e2c5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1570,7 +1570,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:00 GMT + - Sat, 24 May 2025 10:33:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1580,7 +1580,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=351,atl-edge;dur=318,atl-edge-internal;dur=14,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="dI2_wl6qU673ZsIUC8P8-BtbPNJzOS10dNGo9pLyb0kNisqPQZ-KAQ==",cdn-downstream-fbl;dur=355 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iOnijlXOsUC2rc_A5-b5oRR7B3SW8Ppys1xxmA2aziE8mcuYRRBbnQ==",cdn-downstream-fbl;dur=246,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=243,atl-edge;dur=217,atl-edge-internal;dur=15,atl-edge-upstream;dur=202,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1590,15 +1590,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - dI2_wl6qU673ZsIUC8P8-BtbPNJzOS10dNGo9pLyb0kNisqPQZ-KAQ== + - iOnijlXOsUC2rc_A5-b5oRR7B3SW8Ppys1xxmA2aziE8mcuYRRBbnQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 932ce84e45ecd502abc4ef47c0174e5d + - 91d7e773679360eda8d870a4544cf5b6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1636,9 +1636,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - bc90808d-f970-4daa-b99f-6dda68581baa + - c66f70e4-70af-40cf-92d7-ddc06039a4c8 Atl-Traceid: - - bc90808df9704daab99f6dda68581baa + - c66f70e470af40cf92d7ddc06039a4c8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1648,7 +1648,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:00 GMT + - Sat, 24 May 2025 10:33:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1658,7 +1658,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=342,atl-edge;dur=310,atl-edge-internal;dur=17,atl-edge-upstream;dur=293,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="H_1T1GFCKvWBjF0OffKoAKz9fN2PvVtMooi2_tFXu-YQQe9iVnlxRg==",cdn-downstream-fbl;dur=346 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=263,atl-edge-internal;dur=18,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AhZkcRw4sWcYWHERgmDgaBx7nQ5_Yr17eNKznJVlj93h_NG7ToxVjw==",cdn-downstream-fbl;dur=275 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1668,18 +1668,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - H_1T1GFCKvWBjF0OffKoAKz9fN2PvVtMooi2_tFXu-YQQe9iVnlxRg== + - AhZkcRw4sWcYWHERgmDgaBx7nQ5_Yr17eNKznJVlj93h_NG7ToxVjw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3d4ef91eaccb37699332af19aa33d0d6 + - e1f49da6f873311c49fb86cc833cc055 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1692,11 +1692,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/268]\n\n*Defect - Dojo link:* http://localhost:8080/finding/268 (268)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/303]\n\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1714,21 +1714,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18203 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19663 response: body: string: '' headers: Atl-Request-Id: - - f562e007-28dd-490a-af3b-70ec4235e81d + - a8d6e5f4-027b-430d-be5d-2fd59c0fd231 Atl-Traceid: - - f562e00728dd490aaf3b70ec4235e81d + - a8d6e5f4027b430dbe5d2fd59c0fd231 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1736,7 +1736,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:01 GMT + - Sat, 24 May 2025 10:33:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1746,7 +1746,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=294,atl-edge;dur=261,atl-edge-internal;dur=19,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="G6kJU51h0YDioS9BApc2ZTYPUwgED-rIRgOTco_XvohEX1a5J-aOJA==",cdn-downstream-fbl;dur=298 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=230,atl-edge;dur=223,atl-edge-internal;dur=16,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZiMPcypGss0XbsU64KCwxmnzHXQp2lOs5xCPfVytPZKtoHIgtvOvkQ==",cdn-downstream-fbl;dur=235 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1754,15 +1754,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - G6kJU51h0YDioS9BApc2ZTYPUwgED-rIRgOTco_XvohEX1a5J-aOJA== + - ZiMPcypGss0XbsU64KCwxmnzHXQp2lOs5xCPfVytPZKtoHIgtvOvkQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e2244d190f22d0635c206f36cde3ce05 + - 33b0625326aaa5cf9595a7076956a8f8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1788,19 +1788,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18203 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19663 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18203","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203","key":"NTEST-1854","fields":{"statuscategorychangedate":"2025-04-30T18:25:56.133+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19663","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663","key":"NTEST-2991","fields":{"statuscategorychangedate":"2025-05-24T12:33:22.214+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:25:55.896+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:25:55.971+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:21.858+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:21.938+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/268]\n\n*Defect - Dojo link:* http://localhost:8080/finding/268 (268)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/303]\n\n*Defect + Dojo link:* http://localhost:8080/finding/303 (303)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/101]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1808,14 +1808,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1854/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18203/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2991/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19663/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2d7fb5d6-eb9b-467b-8197-e40475cdf5e3 + - 764816eb-4a5b-4b47-b1d4-a9df462bce6c Atl-Traceid: - - 2d7fb5d6eb9b467b8197e40475cdf5e3 + - 764816eb4a5b4b47b1d4a9df462bce6c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1825,7 +1825,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:01 GMT + - Sat, 24 May 2025 10:33:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
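Review bot: The new side of this hunk commits the recording developer's Jira identity: `emailAddress`, `accountId`, `displayName` and the gravatar URLs in the `creator` and `reporter` objects. The `X-Aaccountid` response header in the later `@@ -1845,15 +1845,15 @@` hunk carries the same account id, while the `Auth` header in these cassettes is already masked as `Token xxx`. Scrubbing these fields at record time and writing fixed placeholders would keep personal account data out of the repository and stop each re-record from producing this churn; vcrpy's `before_record_response` hook is the usual place for that. The recorded response body starts before this hunk, so the rest of it cannot be checked for other identity fields from here.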
@@ -1835,7 +1835,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="a_rXMU0DRQpeJ7l0U6FUylbl07nr43n_OrZKZtgYNSpdX-SCZW0dbQ==",cdn-downstream-fbl;dur=330,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=327,atl-edge;dur=251,atl-edge-internal;dur=19,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=243,atl-edge;dur=235,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4fA_7YECDqknLUOBamxprNKpPfuRrT4pNOE4rAxx5M0ELCJz7y_DBA==",cdn-downstream-fbl;dur=247 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1845,15 +1845,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 476cbc24d5f1a673aca06385c3863276.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - a_rXMU0DRQpeJ7l0U6FUylbl07nr43n_OrZKZtgYNSpdX-SCZW0dbQ== + - 4fA_7YECDqknLUOBamxprNKpPfuRrT4pNOE4rAxx5M0ELCJz7y_DBA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - dd84aab8b51a186b9a7f68c6f60f91b2 + - bc85adb2b46afa357239ffa6eb373cf6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1864,21 +1864,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 101, "url_ui": "http://localhost:8080/test/101", "url_api": "http://localhost:8080/api/v2/tests/101/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 267, "title": "Zap1: Cookie Without Secure Flag", "severity": - "Low", "url_ui": "http://localhost:8080/finding/267", "url_api": "http://localhost:8080/api/v2/findings/267/"}, - {"id": 268, "title": "Zap2: Cookie Without Secure Flag", "severity": "Low", - "url_ui": "http://localhost:8080/finding/268", "url_api": "http://localhost:8080/api/v2/findings/268/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -1889,11 +1875,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1321' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
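Review bot: The re-recorded `scan_added_empty` webhook request in this hunk now has `body: '"scan_added.tpl"'` with `Content-Length: '16'`, where the old cassette carried the full event JSON including `findings.untouched`. That looks like a template file name being sent instead of its rendered output. One possible cause is a `scan_added_empty.tpl` link to `scan_added.tpl` that was checked out as a plain text file where the cassette was recorded, but that is inferred, since the template is not visible here. The same body is echoed in the response hunk `@@ -1905,64 +1891,25 @@` and recorded again in the `..._reimport_push_to_jira_false.yaml` cassette at `@@ -181,28 +181,14 @@`. Please confirm the payload is intended before committing it as the expected recording, and otherwise re-record with the template resolving so the cassette keeps the rendered event.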
@@ -1905,64 +1891,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1321\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:47318\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 101, \\\"url_ui\\\": \\\"http://localhost:8080/test/101\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/101/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 267, \\\"title\\\": \\\"Zap1: Cookie - Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/267\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/267/\\\"}, {\\\"id\\\": - 268, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", \\\"severity\\\": - \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/268\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/268/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 267,\n \"severity\": - \"Low\",\n \"title\": \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/267/\",\n \"url_ui\": \"http://localhost:8080/finding/267\"\n - \ },\n {\n \"id\": 268,\n \"severity\": \"Low\",\n - \ \"title\": \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/268/\",\n \"url_ui\": \"http://localhost:8080/finding/268\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 101,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/101/\",\n - \ \"url_ui\": \"http://localhost:8080/test/101\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/101/\",\n - \ \"url_ui\": \"http://localhost:8080/test/101\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:41370\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:01 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:33:23 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_false.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_false.yaml index 9533c1d1d24..746b23d3822 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_false.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_false.yaml 
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/", + "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 102, "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/"}}' + 109, "url_ui": "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47320\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41382\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/109/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 102, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\"}}\",\n \"files\": + null, \\\"id\\\": 109, \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/109/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 102,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n - \ \"url_ui\": \"http://localhost:8080/test/102\"\n },\n \"title\": + 109,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n + \ \"url_ui\": \"http://localhost:8080/test/109\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n \"url_ui\": - \"http://localhost:8080/test/102\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n \"url_ui\": + \"http://localhost:8080/test/109\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:01 GMT + - Sat, 24 May 2025 10:33:24 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/", + "url_ui": "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 102, "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/"}, - "finding_count": 2, "findings": {"new": [{"id": 269, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/269", - "url_api": "http://localhost:8080/api/v2/findings/269/"}, {"id": 270, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/270", - "url_api": "http://localhost:8080/api/v2/findings/270/"}], "reactivated": [], + 109, "url_ui": "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/"}, + "finding_count": 2, "findings": {"new": [{"id": 304, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/304", + "url_api": "http://localhost:8080/api/v2/findings/304/"}, {"id": 305, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/305", + "url_api": "http://localhost:8080/api/v2/findings/305/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:47324\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41384\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/102/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/109/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 102, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 269, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 109, \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/109/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 304, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/269\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/269/\\\"}, - {\\\"id\\\": 270, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/270\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/270/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/304\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/304/\\\"}, + {\\\"id\\\": 305, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/305\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/305/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 269,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/269/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/269\"\n },\n - \ {\n \"id\": 270,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/270/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/270\"\n }\n ],\n + \ \"id\": 304,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/304/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/304\"\n },\n + \ {\n \"id\": 305,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/305/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/305\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 102,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n - \ \"url_ui\": \"http://localhost:8080/test/102\"\n },\n \"title\": + 109,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n + \ \"url_ui\": \"http://localhost:8080/test/109\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n - \ \"url_ui\": \"http://localhost:8080/test/102\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n + \ \"url_ui\": \"http://localhost:8080/test/109\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: 
@@ -181,28 +181,14 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:01 GMT + - Sat, 24 May 2025 10:33:24 GMT Transfer-Encoding: - chunked status: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 102, "url_ui": "http://localhost:8080/test/102", "url_api": "http://localhost:8080/api/v2/tests/102/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 269, "title": "Zap1: Cookie Without Secure Flag", "severity": - "Low", "url_ui": "http://localhost:8080/finding/269", "url_api": "http://localhost:8080/api/v2/findings/269/"}, - {"id": 270, "title": "Zap2: Cookie Without Secure Flag", "severity": "Low", - "url_ui": "http://localhost:8080/finding/270", "url_api": "http://localhost:8080/api/v2/findings/270/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -213,11 +199,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1321' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
@@ -229,64 +215,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1321\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:47328\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 102, \\\"url_ui\\\": \\\"http://localhost:8080/test/102\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/102/\\\"}, \\\"finding_count\\\": 
- 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 269, \\\"title\\\": \\\"Zap1: Cookie - Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/269\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/269/\\\"}, {\\\"id\\\": - 270, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", \\\"severity\\\": - \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/270\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/270/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 269,\n \"severity\": - \"Low\",\n \"title\": \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/269/\",\n \"url_ui\": \"http://localhost:8080/finding/269\"\n - \ },\n {\n \"id\": 270,\n \"severity\": \"Low\",\n - \ \"title\": \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/270/\",\n \"url_ui\": \"http://localhost:8080/finding/270\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 102,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n - \ \"url_ui\": 
\"http://localhost:8080/test/102\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/102/\",\n - \ \"url_ui\": \"http://localhost:8080/test/102\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:41386\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:02 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:33:24 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml index 15536f8f812..e68b94cb95f 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:02.310+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:27.041+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 518f43ca-5b72-4c6d-a1ce-9413dd297418 + - 3e239015-b346-4b8f-a065-4ca24e46e9f7 Atl-Traceid: - - 518f43ca5b724c6da1ce9413dd297418 + - 3e239015b3464b8fa0654ca24e46e9f7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:02 GMT + - Sat, 24 May 2025 10:33:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=185,atl-edge;dur=152,atl-edge-internal;dur=13,atl-edge-upstream;dur=140,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="bmw16hsH1tgIFQrOiswivBWIhbUOVnzemn7TyOqLEpTDJsVnWOD_rw==",cdn-downstream-fbl;dur=189 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=17,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="NATA0bDR-eJZzJZ8kMJakXLXwsHGGknaxfVT60nItqGOmP7Zw63QYw==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - bmw16hsH1tgIFQrOiswivBWIhbUOVnzemn7TyOqLEpTDJsVnWOD_rw== + - NATA0bDR-eJZzJZ8kMJakXLXwsHGGknaxfVT60nItqGOmP7Zw63QYw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 623a13ae552691ca72f837dcb33c0a6c + - 12ec2b07f57b15b85a30d602ff78d879 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f7d9d1f7-7d09-4b0e-a800-dc8d7cff74b8 + - 1a14f007-63c0-451e-a767-63dc6208ba5b Atl-Traceid: - - f7d9d1f77d094b0ea800dc8d7cff74b8 + - 1a14f00763c0451ea76763dc6208ba5b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:02 GMT + - Sat, 24 May 2025 10:33:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="rAzMONC273AckzRGp4mKZ6gTucORussBjGqp7GPgA7woURaGc58n6g==",cdn-downstream-fbl;dur=376,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=373,atl-edge;dur=288,atl-edge-internal;dur=19,atl-edge-upstream;dur=268,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=309,atl-edge;dur=302,atl-edge-internal;dur=15,atl-edge-upstream;dur=287,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7KT5T97GOVL9UyMO5QhIWs5kURpRlBGbsVuIugn5Jx1L2hx_7zRITA==",cdn-downstream-fbl;dur=314 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c1388c9ad241eb02cd4ddbe69b1a2d34.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rAzMONC273AckzRGp4mKZ6gTucORussBjGqp7GPgA7woURaGc58n6g== + - 7KT5T97GOVL9UyMO5QhIWs5kURpRlBGbsVuIugn5Jx1L2hx_7zRITA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4835c39f795d36929e323d21101e4757 + - 14c3c7640f7162b290a1e582795894f7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18205","key":"NTEST-1855","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205"}' + string: '{"id":"19664","key":"NTEST-2992","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664"}' headers: Atl-Request-Id: - - d87fd118-8ed7-486f-acea-f755ada289cd + - caa45d45-a343-41af-8dce-8e5c6e226e28 Atl-Traceid: - - d87fd1188ed7486faceaf755ada289cd + - caa45d45a34341af8dce8e5c6e226e28 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:03 GMT + - Sat, 24 May 2025 10:33:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=680,atl-edge;dur=658,atl-edge-internal;dur=19,atl-edge-upstream;dur=639,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="rzE7RZ1KTRnwto5udo2ZXGkh5HWimc-4tw6d-TmZ9xo9_YkY42Rjmw==",cdn-downstream-fbl;dur=685 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=643,atl-edge;dur=634,atl-edge-internal;dur=16,atl-edge-upstream;dur=619,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="FvhRNZVTS4tTTdD39nyVzZtrsXRxOFyIevtKT9Wkz_GCA4fsSfJGzQ==",cdn-downstream-fbl;dur=646 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f5c1da639a075ecd7bb86ffc181e3dd8.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rzE7RZ1KTRnwto5udo2ZXGkh5HWimc-4tw6d-TmZ9xo9_YkY42Rjmw== + - FvhRNZVTS4tTTdD39nyVzZtrsXRxOFyIevtKT9Wkz_GCA4fsSfJGzQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 060ccbc62f772a7d295c96ecd78b6c40 + - 4fd2cd570f6ec2154b2ec3c4e2f2cf59 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18205","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205","key":"NTEST-1855","fields":{"statuscategorychangedate":"2025-04-30T18:26:03.561+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19664","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664","key":"NTEST-2992","fields":{"statuscategorychangedate":"2025-05-24T12:33:28.108+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:03.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:03.376+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:27.804+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:27.876+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 93258a7d-4f5b-4cec-b084-5ce90492e41c + - 0ce8a47a-42a1-472c-9048-89b4847878f1 Atl-Traceid: - - 93258a7d4f5b4cecb0845ce90492e41c + - 0ce8a47a42a1472c904889b4847878f1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:04 GMT + - Sat, 24 May 2025 10:33:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
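Review bot: The recorded issue response in this hunk stores a real Jira user's `emailAddress`, `accountId`, `displayName` and gravatar hash under both `creator` and `reporter`, and the header hunks of this cassette repeat the account id in `X-Aaccountid`. Cassettes are committed to the repository, so these values are published with every re-recording, and the previous recording shows the same fields for a different account. I would scrub them at record time, for example with a vcrpy `before_record_response` hook that rewrites those fields to fixed placeholders such as `"emailAddress":"user@example.invalid"` (constructed value). That also stops the cassette diff from churning whenever a different maintainer records it.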
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="K1XXSRdW7eLzjKIeYN8xX1E8g2E5T2KrZV0S4iMT0bgNEzT03PRNTw==",cdn-downstream-fbl;dur=372,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=366,atl-edge;dur=278,atl-edge-internal;dur=17,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=230,atl-edge-internal;dur=16,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="64n78_tV3P3qQhLUxlTX4Id7r3kD6B7IeA2B3iYyWEMe7Nymp5NkGQ==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - K1XXSRdW7eLzjKIeYN8xX1E8g2E5T2KrZV0S4iMT0bgNEzT03PRNTw== + - 64n78_tV3P3qQhLUxlTX4Id7r3kD6B7IeA2B3iYyWEMe7Nymp5NkGQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - a06f40362fc9ed79aeccc4bc2a4316bd + - ec001461f7ec29cb4624b6aaff6f76b1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18205 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19664 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18205","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205","key":"NTEST-1855","fields":{"statuscategorychangedate":"2025-04-30T18:26:03.561+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19664","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664","key":"NTEST-2992","fields":{"statuscategorychangedate":"2025-05-24T12:33:28.108+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:03.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:03.376+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:27.804+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:27.876+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 841ec1bc-d559-433e-aa8a-d9bd99d9351f + - 7c0fa821-1472-4e56-83eb-cda37e8ea68c Atl-Traceid: - - 841ec1bcd559433eaa8ad9bd99d9351f + - 7c0fa82114724e5683ebcda37e8ea68c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:04 GMT + - Sat, 24 May 2025 10:33:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="K5ZKXpOn0Dmo78hw3UOwoVI5VaVFaKDcujSwKvocxXg6mLQxy2ehSA==",cdn-downstream-fbl;dur=383,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=379,atl-edge;dur=295,atl-edge-internal;dur=19,atl-edge-upstream;dur=276,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=240,atl-edge;dur=233,atl-edge-internal;dur=16,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="IdJafCg5chdlzWiZhyI_i2jMbSF-LrQHjDPw4kUSl6PaBfYdYDGa_g==",cdn-downstream-fbl;dur=244 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48f2e5da4dd7651bfa3bfd0054610cf4.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - K5ZKXpOn0Dmo78hw3UOwoVI5VaVFaKDcujSwKvocxXg6mLQxy2ehSA== + - IdJafCg5chdlzWiZhyI_i2jMbSF-LrQHjDPw4kUSl6PaBfYdYDGa_g== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 321a894a7c87a39bfe0f34f7b410f834 + - 2a22afaffe4d4c6db9567142266feb0e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:05.005+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:29.035+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 17fef744-c86e-4aae-8201-aa6018281a80 + - 5cd7378f-9b11-4590-854f-f4e52b173a8d Atl-Traceid: - - 17fef744c86e4aae8201aa6018281a80 + - 5cd7378f9b114590854ff4e52b173a8d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:05 GMT + - Sat, 24 May 2025 10:33:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=161,atl-edge-internal;dur=14,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0RxIE_ThKsc4CohlMpcYW0Su4hULfiYR21j7B2ShTHmNYpzF1AX54A==",cdn-downstream-fbl;dur=198 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=125,atl-edge;dur=117,atl-edge-internal;dur=17,atl-edge-upstream;dur=99,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iA2hTt_sAl06t-rCFd9XniMDB4Jjc1Wdoa3XKXl6jZosyzu0OQcpOg==",cdn-downstream-fbl;dur=128 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0RxIE_ThKsc4CohlMpcYW0Su4hULfiYR21j7B2ShTHmNYpzF1AX54A== + - iA2hTt_sAl06t-rCFd9XniMDB4Jjc1Wdoa3XKXl6jZosyzu0OQcpOg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ad6cfbb29d1e4c28c13a2c39225a088b + - 85ea6f5f0702f022d725963864324fb8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 5a3338f8-5da5-4faf-afd4-61bd7303e053 + - 3eb132dc-4b96-4ad9-b6d1-ce4b8fe27614 Atl-Traceid: - - 5a3338f85da54fafafd461bd7303e053 + - 3eb132dc4b964ad9b6d1ce4b8fe27614 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:05 GMT + - Sat, 24 May 2025 10:33:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=422,atl-edge;dur=295,atl-edge-internal;dur=15,atl-edge-upstream;dur=280,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="OgFqWZ2mGOZnQ7EX0Cy27fA0Sr8QMpTJ0UeHzclcxaZT7Pd76DOzgw==",cdn-downstream-fbl;dur=427 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=293,atl-edge;dur=285,atl-edge-internal;dur=16,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kJLHNJodyo5Nmi8GYCVz4mvwHe00nFkDJT3ryjvWzj9ux3LN8_g0YQ==",cdn-downstream-fbl;dur=297 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - OgFqWZ2mGOZnQ7EX0Cy27fA0Sr8QMpTJ0UeHzclcxaZT7Pd76DOzgw== + - kJLHNJodyo5Nmi8GYCVz4mvwHe00nFkDJT3ryjvWzj9ux3LN8_g0YQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 236b5941c2584f420e386d70295f535f + - e5e750904d1d2fae17fff708c05fa3ec X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18207","key":"NTEST-1856","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207"}' + string: '{"id":"19665","key":"NTEST-2993","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665"}' headers: Atl-Request-Id: - - ee7fa16f-b7db-40bb-b1ed-dab86339a4b8 + - d2cd644a-fb1a-4e86-81d9-e49673da98cf Atl-Traceid: - - ee7fa16fb7db40bbb1eddab86339a4b8 + - d2cd644afb1a4e8681d9e49673da98cf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:06 GMT + - Sat, 24 May 2025 10:33:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="_6ZODG0BTvLx-IrIUYfe3RGw6c2QU08b-kFB9oZi3SbcUZnCqcqu9A==",cdn-downstream-fbl;dur=704,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=702,atl-edge;dur=628,atl-edge-internal;dur=17,atl-edge-upstream;dur=611,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=677,atl-edge;dur=669,atl-edge-internal;dur=16,atl-edge-upstream;dur=653,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dD7EIiuSOShXyGlcppuW2HFsYLaoDgBrkm0g7R72d6refszYQllGaw==",cdn-downstream-fbl;dur=680 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _6ZODG0BTvLx-IrIUYfe3RGw6c2QU08b-kFB9oZi3SbcUZnCqcqu9A== + - dD7EIiuSOShXyGlcppuW2HFsYLaoDgBrkm0g7R72d6refszYQllGaw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 946ad6e9e6fdf6530bbdf3f543259cc0 + - 014dcb0f8585baf067be65a22a32d5ad X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18207","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207","key":"NTEST-1856","fields":{"statuscategorychangedate":"2025-04-30T18:26:06.368+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19665","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665","key":"NTEST-2993","fields":{"statuscategorychangedate":"2025-05-24T12:33:30.123+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:06.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:06.179+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:29.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010g7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:29.909+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f60ef251-0acc-4487-bf04-ab80ebbd1f72 + - d48fce65-3156-4ac4-a5fd-e0b28e25849e Atl-Traceid: - - f60ef2510acc4487bf04ab80ebbd1f72 + - d48fce6531564ac4a5fde0b28e25849e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:06 GMT + - Sat, 24 May 2025 10:33:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
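Review bot: The re-recorded response body in the `@@ -693,14 +693,14 @@` hunk commits a maintainer's `emailAddress`, Atlassian `accountId`, `displayName` and Gravatar hash inside the `creator` and `reporter` objects, and the `X-Aaccountid` header in the following hunks repeats the account id. The webhook interactions further down show a token masked as `Token xxx`, so some scrubbing exists on the request side, but nothing equivalent is applied to the Jira response bodies and headers. If these cassettes are recorded with vcrpy (inferred from the `interactions:` layout), a `before_record_response` hook could replace those fields and the `X-Aaccountid` value with fixed placeholders, so a re-recording no longer publishes the identity of whoever ran it. The same applies to the `@@ -784,14 +784,14 @@` hunk, and stable placeholders would also reduce churn in future cassette diffs.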
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=277,atl-edge-internal;dur=18,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="DZSnOd_NvJ3wrHWM5nmTpFahJx12QY4zARM6rea9XyqzdNvzuijXJg==",cdn-downstream-fbl;dur=316 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ulsCGFtwJbXTjLUtlUH2PjwINdp4I2HQA1ruAtln4Q2tnMyQDj2Qyw==",cdn-downstream-fbl;dur=240,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=238,atl-edge;dur=209,atl-edge-internal;dur=15,atl-edge-upstream;dur=194,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - DZSnOd_NvJ3wrHWM5nmTpFahJx12QY4zARM6rea9XyqzdNvzuijXJg== + - ulsCGFtwJbXTjLUtlUH2PjwINdp4I2HQA1ruAtln4Q2tnMyQDj2Qyw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8ce005a8c67a2dee1dd4c533c281a350 + - 3568e66f5019dc809f630f186423c050 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18207 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19665 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18207","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207","key":"NTEST-1856","fields":{"statuscategorychangedate":"2025-04-30T18:26:06.368+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19665","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665","key":"NTEST-2993","fields":{"statuscategorychangedate":"2025-05-24T12:33:30.123+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:06.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:06.179+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:29.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010g7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:29.909+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d46ff331-14a6-4396-a005-2ca570d90f98 + - 7e229216-1359-4dc9-b983-5e0921bce24a Atl-Traceid: - - d46ff33114a64396a0052ca570d90f98 + - 7e22921613594dc9b9835e0921bce24a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:07 GMT + - Sat, 24 May 2025 10:33:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=291,atl-edge;dur=258,atl-edge-internal;dur=15,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="9J8S9bJEFZPI8XknpFHHq6aFNduZc3eY8hjXUjnDAa3vtSIfTIobdA==",cdn-downstream-fbl;dur=295 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=193,atl-edge;dur=185,atl-edge-internal;dur=16,atl-edge-upstream;dur=169,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="oMJCCauAko4KzjJQ9d4UGNhqtHZU9szlw9Dp4Jhln4YySP2bkgsNhg==",cdn-downstream-fbl;dur=197 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9J8S9bJEFZPI8XknpFHHq6aFNduZc3eY8hjXUjnDAa3vtSIfTIobdA== + - oMJCCauAko4KzjJQ9d4UGNhqtHZU9szlw9Dp4Jhln4YySP2bkgsNhg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1b087d8444958a7bce83266dc7aa91a2 + - a57eb1a5389abea5eca8d092cf134f9a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/", + "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 103, "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/"}}' + 110, "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:54892\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41402\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/110/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 103, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\"}}\",\n \"files\": + null, \\\"id\\\": 110, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/110/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 103,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n - \ \"url_ui\": \"http://localhost:8080/test/103\"\n },\n \"title\": + 110,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n + \ \"url_ui\": \"http://localhost:8080/test/110\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n \"url_ui\": - \"http://localhost:8080/test/103\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n \"url_ui\": + \"http://localhost:8080/test/110\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:07 GMT + - Sat, 24 May 2025 10:33:27 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/", + "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 103, "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/"}, - "finding_count": 2, "findings": {"new": [{"id": 271, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/271", - "url_api": "http://localhost:8080/api/v2/findings/271/"}, {"id": 272, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/272", - "url_api": "http://localhost:8080/api/v2/findings/272/"}], "reactivated": [], + 110, "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/"}, + "finding_count": 2, "findings": {"new": [{"id": 306, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/306", + "url_api": "http://localhost:8080/api/v2/findings/306/"}, {"id": 307, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/307", + "url_api": "http://localhost:8080/api/v2/findings/307/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:54896\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41408\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/103/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/110/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 103, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 271, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 110, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/110/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 306, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/271\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/271/\\\"}, - {\\\"id\\\": 272, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/272\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/272/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/306\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/306/\\\"}, + {\\\"id\\\": 307, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/307\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/307/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 271,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/271/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/271\"\n },\n - \ {\n \"id\": 272,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/272/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/272\"\n }\n ],\n + \ \"id\": 306,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/306/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/306\"\n },\n + \ {\n \"id\": 307,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/307/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/307\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 103,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n - \ \"url_ui\": \"http://localhost:8080/test/103\"\n },\n \"title\": + 110,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n + \ \"url_ui\": \"http://localhost:8080/test/110\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n - \ \"url_ui\": \"http://localhost:8080/test/103\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n + \ \"url_ui\": \"http://localhost:8080/test/110\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:07 GMT + - Sat, 24 May 2025 10:33:27 GMT Transfer-Encoding: - chunked status: 
@@ -1046,12 +1046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:07.725+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:31.046+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1de801f5-61d6-494e-a5eb-fb21e0c330e4 + - ec2b77de-93b6-4f0e-9032-f5ba80b77858 Atl-Traceid: - - 1de801f561d6494ea5ebfb21e0c330e4 + - ec2b77de93b64f0e9032f5ba80b77858 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1061,7 +1061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:07 GMT + - Sat, 24 May 2025 10:33:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1071,7 +1071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="Jr9DzqPCvwSZMBlcrbmSKbiAWssK-CLt59UipD4vpLA9qZNQPCrT_A==",cdn-downstream-fbl;dur=248,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=245,atl-edge;dur=156,atl-edge-internal;dur=22,atl-edge-upstream;dur=133,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qltR43x_9UoWHUsDccwCM-TprPKgYPv910EITUu4gZGrspIKCaRtJw==",cdn-downstream-fbl;dur=134,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=132,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1081,15 +1081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 603f7fca6e96da4aaee2b5219f231c92.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Jr9DzqPCvwSZMBlcrbmSKbiAWssK-CLt59UipD4vpLA9qZNQPCrT_A== + - qltR43x_9UoWHUsDccwCM-TprPKgYPv910EITUu4gZGrspIKCaRtJw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - f87aae114d460459c7f2a91ee4bd85ec + - 7fd6be91ec06ae4b2923c7355173ff92 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
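Review bot: The re-recorded cassette commits account-identifying data from the live Jira tenant: the new side of this hunk stores the recorder's `X-Aaccountid` response header, and the issue-response hunks further down (`@@ -1135,14 +1135,14 @@`, `@@ -1298,14 +1298,14 @@`) store `accountId`, `emailAddress`, `displayName` and the Gravatar hash inside `avatarUrls` for `creator` and `reporter`. The request side already appears to be scrubbed (`Token xxx`), but that kind of filter does not cover response headers or bodies. I would add a vcrpy `before_record_response` hook to the test setup that drops `X-Aaccountid` and rewrites those JSON fields to fixed placeholders before the cassette is written. As a side effect, re-recording under a different account would then stop producing diffs on these lines. These hunks are excerpts of a recorded file, so whether such a hook already exists elsewhere in the test configuration cannot be confirmed from here.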
@@ -1115,19 +1115,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18205 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19664 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18205","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205","key":"NTEST-1855","fields":{"statuscategorychangedate":"2025-04-30T18:26:03.561+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19664","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664","key":"NTEST-2992","fields":{"statuscategorychangedate":"2025-05-24T12:33:28.108+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:03.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:03.376+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:27.804+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:27.876+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1135,14 +1135,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 82976acc-5999-4f58-a8a4-53641edd3548 + - 295a906a-6def-4e5b-ba49-b731fc133921 Atl-Traceid: - - 82976acc59994f58a8a453641edd3548 + - 295a906a6def4e5bba49b731fc133921 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1152,7 +1152,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:08 GMT + - Sat, 24 May 2025 10:33:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1162,7 +1162,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=275,atl-edge-internal;dur=15,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Ufy4km4eMXu5svKICiD6Gf09ATbdTw-ySAhTBp1W5LeYFKg9-CW-dw==",cdn-downstream-fbl;dur=314 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=231,atl-edge;dur=224,atl-edge-internal;dur=14,atl-edge-upstream;dur=209,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wmRkylz9nkDutc8LAtkAbGb4NJCn9NN43Ex-vr_hqAz9BDX6Xw9FhA==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1172,15 +1172,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Ufy4km4eMXu5svKICiD6Gf09ATbdTw-ySAhTBp1W5LeYFKg9-CW-dw== + - wmRkylz9nkDutc8LAtkAbGb4NJCn9NN43Ex-vr_hqAz9BDX6Xw9FhA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ef418bff39541c3eb824faa020f5fa32 + - a6b469e679ab2b6e93b2fb0ddc44f37b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1209,12 +1209,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:08.426+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:31.527+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 39275c83-af52-4f01-894d-2a8b81dd94fd + - 40d7e20d-6362-4141-811c-ae58796c07f0 Atl-Traceid: - - 39275c83af524f01894d2a8b81dd94fd + - 40d7e20d63624141811cae58796c07f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1224,7 +1224,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:08 GMT + - Sat, 24 May 2025 10:33:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1234,7 +1234,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=162,atl-edge-internal;dur=13,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="asPz7mdb6wd00b2skJXscbzSNm8SIn_AAUWTaCWDqceh3nP2knNUCg==",cdn-downstream-fbl;dur=199 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=103,atl-edge;dur=96,atl-edge-internal;dur=14,atl-edge-upstream;dur=83,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rxUtbKXivdcpTl55A9dvm8JG027hIS7CfPSxvWyLRLTsYGaiszdOdQ==",cdn-downstream-fbl;dur=107 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1244,15 +1244,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - asPz7mdb6wd00b2skJXscbzSNm8SIn_AAUWTaCWDqceh3nP2knNUCg== + - rxUtbKXivdcpTl55A9dvm8JG027hIS7CfPSxvWyLRLTsYGaiszdOdQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - cd6574bebc37cb00c7a54d7865381208 + - b3c237f3d6e0e13436105b27160b62e6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1278,19 +1278,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18207 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19665 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18207","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207","key":"NTEST-1856","fields":{"statuscategorychangedate":"2025-04-30T18:26:06.368+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19665","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665","key":"NTEST-2993","fields":{"statuscategorychangedate":"2025-05-24T12:33:30.123+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:06.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:06.179+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:29.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010g7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:29.909+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1298,14 +1298,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - fd42bacc-ba5d-4c01-9605-eb0fdfd44741 + - 2a4df73c-cc00-4833-88b1-a7f299ec16bd Atl-Traceid: - - fd42baccba5d4c019605eb0fdfd44741 + - 2a4df73ccc00483388b1a7f299ec16bd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1315,7 +1315,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:08 GMT + - Sat, 24 May 2025 10:33:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
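Review bot: The re-recorded response body in this hunk commits a real person's `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the hunks that follow repeats the account id; the hunk at -1461 and the other recorded issue bodies have the same content. These values changed only because a different person recorded the cassette, so they are probably not something the tests assert on (inferred, the test code is not visible here). Consider scrubbing them at record time with a vcrpy `before_record_response` hook that replaces these body fields and the `X-Aaccountid` header with fixed placeholders. That keeps personal identifiers out of the repository and also makes future re-recordings produce much smaller diffs.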
@@ -1325,7 +1325,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="3U1x8PPu_49BKbYGoG-l-51dIFE0QkA_IWx1gIBNb8i7exldANJ6ug==",cdn-downstream-fbl;dur=333,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=331,atl-edge;dur=246,atl-edge-internal;dur=21,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=195,atl-edge;dur=188,atl-edge-internal;dur=16,atl-edge-upstream;dur=173,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Fi13f5vA8zxhuZ-Wanj4TBp7GyTU7fDhyZgZzn0ocRwOhVJP1sILSg==",cdn-downstream-fbl;dur=199 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1335,15 +1335,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3U1x8PPu_49BKbYGoG-l-51dIFE0QkA_IWx1gIBNb8i7exldANJ6ug== + - Fi13f5vA8zxhuZ-Wanj4TBp7GyTU7fDhyZgZzn0ocRwOhVJP1sILSg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 0d4e716dcddcb7ab66d4948b3523e36e + - d1bdd2bb054a05bc2e989e72279d0c69 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1372,12 +1372,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:09.263+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:32.172+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2e647762-cfc4-43c5-8f8b-74fc7dbd5bfc + - 45cf6eb8-faaa-4061-88df-9c665576260b Atl-Traceid: - - 2e647762cfc443c58f8b74fc7dbd5bfc + - 45cf6eb8faaa406188df9c665576260b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1387,7 +1387,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:09 GMT + - Sat, 24 May 2025 10:33:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1397,7 +1397,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="WpBRYPrXl6GkIVWoy-KUAaxcxXC7w6JdyWbiHdPXECxYzPSJdR2OSg==",cdn-downstream-fbl;dur=237,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=235,atl-edge;dur=158,atl-edge-internal;dur=15,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=133,atl-edge;dur=105,atl-edge-internal;dur=14,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ffAnt0m1ynDn1omIg3rgyikirjqxol5GVEmh8mg-iqm328IxWny8rA==",cdn-downstream-fbl;dur=137 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1407,15 +1407,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WpBRYPrXl6GkIVWoy-KUAaxcxXC7w6JdyWbiHdPXECxYzPSJdR2OSg== + - ffAnt0m1ynDn1omIg3rgyikirjqxol5GVEmh8mg-iqm328IxWny8rA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 18d45538a97fb110da08fc1b5a1f7c95 + - be8654330ca12e7a94eee5138fcdc92c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1441,19 +1441,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18205 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19664 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18205","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205","key":"NTEST-1855","fields":{"statuscategorychangedate":"2025-04-30T18:26:03.561+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19664","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664","key":"NTEST-2992","fields":{"statuscategorychangedate":"2025-05-24T12:33:28.108+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:03.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:03.376+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:27.804+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:27.876+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1461,14 +1461,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - afebda4f-d63f-4eca-9a2c-a52e5157c71c + - 7fc05bd1-3057-4f5b-a30e-d41da91e212c Atl-Traceid: - - afebda4fd63f4eca9a2ca52e5157c71c + - 7fc05bd130574f5ba30ed41da91e212c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1478,7 +1478,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:09 GMT + - Sat, 24 May 2025 10:33:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1488,7 +1488,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=346,atl-edge;dur=312,atl-edge-internal;dur=29,atl-edge-upstream;dur=280,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="byrS_FdTAOUIDGiTpiSEfnjHmgGK_9QeNhtFjxwySeS_DZQ86bMt6g==",cdn-downstream-fbl;dur=353 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=252,atl-edge;dur=244,atl-edge-internal;dur=15,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dsPRdX2BX84XccOg2JTpga5GGNFy5RZzaqm-wyQMFD756j9KhWSEEg==",cdn-downstream-fbl;dur=256 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1498,15 +1498,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - byrS_FdTAOUIDGiTpiSEfnjHmgGK_9QeNhtFjxwySeS_DZQ86bMt6g== + - dsPRdX2BX84XccOg2JTpga5GGNFy5RZzaqm-wyQMFD756j9KhWSEEg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 030d0bab8b1e6aa41b0525f433facc96 + - d037366236ffc5cb0c2d5c8c9fb19e69 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1544,9 +1544,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b968576d-5495-47f7-b0c4-1ca872875bb1 + - e2530fd1-7340-408a-92ca-83c2792eefec Atl-Traceid: - - b968576d549547f7b0c41ca872875bb1 + - e2530fd17340408a92ca83c2792eefec Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1556,7 +1556,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:10 GMT + - Sat, 24 May 2025 10:33:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1566,7 +1566,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="YzXp175MzjCgROfU89wXtkH0xxNELNqxn5qEQV-gW1eOTHbpoFlVqw==",cdn-downstream-fbl;dur=382,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=380,atl-edge;dur=306,atl-edge-internal;dur=26,atl-edge-upstream;dur=281,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=263,atl-edge;dur=256,atl-edge-internal;dur=23,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ibwh1QXdT_6ADscNqxlhuGkyadVyQtsKP2ZMC88jUkKpRu_ok6vHHw==",cdn-downstream-fbl;dur=267 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1576,18 +1576,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bbfdc39b99d2b072cca90c3f38450aea.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - YzXp175MzjCgROfU89wXtkH0xxNELNqxn5qEQV-gW1eOTHbpoFlVqw== + - ibwh1QXdT_6ADscNqxlhuGkyadVyQtsKP2ZMC88jUkKpRu_ok6vHHw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 5298cd169dc07b03ed6238cbc9f4afb9 + - a2fcff2459c5e25dd37783851c4be4a3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1600,11 +1600,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1622,21 +1622,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18205 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19664 response: body: string: '' headers: Atl-Request-Id: - - 498b83bf-7643-4094-9873-984ee632cf2b + - 478d124f-1eff-45c3-b58c-19e165aa24d7 Atl-Traceid: - - 498b83bf764340949873984ee632cf2b + - 478d124f1eff45c3b58c19e165aa24d7 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1644,7 +1644,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:10 GMT + - Sat, 24 May 2025 10:33:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1654,7 +1654,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Q1xLFId7OvgLMB_b2KnkEx1nReSCTjsWzWv3b5y4Cmi7rb5rircwyg==",cdn-downstream-fbl;dur=378,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=374,atl-edge;dur=290,atl-edge-internal;dur=17,atl-edge-upstream;dur=274,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=268,atl-edge;dur=240,atl-edge-internal;dur=17,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="D6rTkxiu1rczyZaeXAf-TLQAtu6MRGAEKXfC5H73Rq_ngVc33GkZIA==",cdn-downstream-fbl;dur=271 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1662,15 +1662,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9832e15ad117dafc81b031983cbde91e.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Q1xLFId7OvgLMB_b2KnkEx1nReSCTjsWzWv3b5y4Cmi7rb5rircwyg== + - D6rTkxiu1rczyZaeXAf-TLQAtu6MRGAEKXfC5H73Rq_ngVc33GkZIA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 3a2bd0951f4a3b777c6d59084f7b96b0 + - 31efe9a7e2f78690456712d2a5d806ab X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1696,19 +1696,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18205 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19664 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18205","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205","key":"NTEST-1855","fields":{"statuscategorychangedate":"2025-04-30T18:26:03.561+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19664","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664","key":"NTEST-2992","fields":{"statuscategorychangedate":"2025-05-24T12:33:28.108+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:03.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:03.376+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:27.804+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010fz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:27.876+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/271]\n\n*Defect - Dojo link:* http://localhost:8080/finding/271 (271)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/306]\n\n*Defect + Dojo link:* http://localhost:8080/finding/306 (306)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1716,14 +1716,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1855/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18205/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2992/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19664/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e7ed4f55-2632-4843-9557-c8f390a901d4 + - 7d4ede6d-d84d-485f-96d6-68507643fb40 Atl-Traceid: - - e7ed4f55263248439557c8f390a901d4 + - 7d4ede6dd84d485f96d668507643fb40 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1733,7 +1733,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:11 GMT + - Sat, 24 May 2025 10:33:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1743,7 +1743,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=297,atl-edge;dur=265,atl-edge-internal;dur=15,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="T9JXJvJjSPmmR-XGhksRzVIvJuOVz0TefpHYWk1R2kn7HQaBFfcSBw==",cdn-downstream-fbl;dur=301 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=265,atl-edge;dur=237,atl-edge-internal;dur=18,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_Blaw_yYEZs7ZqUksTnI-z2jG2SimjOo5Av0IEFohy_11HnJSh4zHA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1753,15 +1753,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - T9JXJvJjSPmmR-XGhksRzVIvJuOVz0TefpHYWk1R2kn7HQaBFfcSBw== + - _Blaw_yYEZs7ZqUksTnI-z2jG2SimjOo5Av0IEFohy_11HnJSh4zHA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 68d0c8efcca84104f6a0f8a7b35a34ec + - 8ff5ade2f6eeb2c598fa8a7681459e34 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1790,12 +1790,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:11.414+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:33.759+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 282b00c3-2cfb-4fd9-a24d-fd8bced100a4 + - e9e2ab3d-5fa4-4ff7-a1c5-886454c8a9af Atl-Traceid: - - 282b00c32cfb4fd9a24dfd8bced100a4 + - e9e2ab3d5fa44ff7a1c5886454c8a9af Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1805,7 +1805,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:11 GMT + - Sat, 24 May 2025 10:33:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1815,7 +1815,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=191,atl-edge;dur=158,atl-edge-internal;dur=13,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="U6eF5wSBR9Vd_iHBol0wWd0Cper4JmnvHvMbV4wfAQyJkcBJhdFPVg==",cdn-downstream-fbl;dur=194 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=16,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WZLQ_df4o1x275tpg_hJt4K6OY1R6rHja62O-WLUjd_tbWzb7pX8fA==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1825,15 +1825,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7d27498ef63e76e5a81975299a76fae4.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - U6eF5wSBR9Vd_iHBol0wWd0Cper4JmnvHvMbV4wfAQyJkcBJhdFPVg== + - WZLQ_df4o1x275tpg_hJt4K6OY1R6rHja62O-WLUjd_tbWzb7pX8fA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 69763d68dc297c4001326cc66cd9f14c + - bdaf37495fbe066e712791158829b6f3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1859,19 +1859,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18207 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19665 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18207","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207","key":"NTEST-1856","fields":{"statuscategorychangedate":"2025-04-30T18:26:06.368+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19665","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665","key":"NTEST-2993","fields":{"statuscategorychangedate":"2025-05-24T12:33:30.123+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:06.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:06.179+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:29.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010g7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:29.909+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1879,14 +1879,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d89d107c-387d-4c8b-8939-51db83ba1da6 + - 0a384e95-26f3-4063-a765-167bb530829c Atl-Traceid: - - d89d107c387d4c8b893951db83ba1da6 + - 0a384e9526f34063a765167bb530829c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1896,7 +1896,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:11 GMT + - Sat, 24 May 2025 10:33:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1906,7 +1906,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="ILffLxF2QkcFNhfjza3jfb00hj5XDXIKJlOg0vkieP8-iTDoFSeF-A==",cdn-downstream-fbl;dur=383,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=69,cdn-upstream-fbl;dur=380,atl-edge;dur=286,atl-edge-internal;dur=19,atl-edge-upstream;dur=268,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="BpWDJILFRhaT_YR4G72Jpf78jHu0_EQfgeNVs9oT8ur7mw4kKbKmAw==",cdn-downstream-fbl;dur=246,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=243,atl-edge;dur=214,atl-edge-internal;dur=17,atl-edge-upstream;dur=196,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1916,15 +1916,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ILffLxF2QkcFNhfjza3jfb00hj5XDXIKJlOg0vkieP8-iTDoFSeF-A== + - BpWDJILFRhaT_YR4G72Jpf78jHu0_EQfgeNVs9oT8ur7mw4kKbKmAw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 59dbed23b594feecc38abf2d1579277e + - d2ef48347c4f629486214347da96851f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1962,9 +1962,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 722a88f2-1a92-4816-bc93-2cb59ce33852 + - 4b113d57-1a54-432c-92fe-05ec819f80b4 Atl-Traceid: - - 722a88f21a924816bc932cb59ce33852 + - 4b113d571a54432c92fe05ec819f80b4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1974,7 +1974,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:12 GMT + - Sat, 24 May 2025 10:33:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1984,7 +1984,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=348,atl-edge;dur=314,atl-edge-internal;dur=15,atl-edge-upstream;dur=296,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0BCQ00VeXksgZJ0pEyWCMESvbVSfW74h4wI5bSTFMkNH512BmjChPw==",cdn-downstream-fbl;dur=352 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=227,atl-edge;dur=220,atl-edge-internal;dur=16,atl-edge-upstream;dur=204,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="oEtOc0uuB2dwwVcNvZR-V7GodiNgeRjwCotnSGj2FU4PYAxejKolKw==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1994,18 +1994,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0BCQ00VeXksgZJ0pEyWCMESvbVSfW74h4wI5bSTFMkNH512BmjChPw== + - oEtOc0uuB2dwwVcNvZR-V7GodiNgeRjwCotnSGj2FU4PYAxejKolKw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9e917f74226065a9fd824a215e155482 + - 3a34c981d988cb1f320b1bb3afd71b0b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2018,11 +2018,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -2040,21 +2040,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18207 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19665 response: body: string: '' headers: Atl-Request-Id: - - 2d81abdf-55b8-48e2-a402-ad90c1ddd95e + - 2d9270d7-58fb-4b08-8742-470f9618d3a0 Atl-Traceid: - - 2d81abdf55b848e2a402ad90c1ddd95e + - 2d9270d758fb4b088742470f9618d3a0 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -2062,7 +2062,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:12 GMT + - Sat, 24 May 2025 10:33:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2072,7 +2072,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=350,atl-edge;dur=272,atl-edge-internal;dur=19,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="QamVrNosVD10HrA9RgxKBu4nD1x5vaxFbRj6F1Ed_YEqX5qSaRJI5A==",cdn-downstream-fbl;dur=354 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=252,atl-edge-internal;dur=15,atl-edge-upstream;dur=238,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fBZrvjcwvKQH4s0XYAiUIfoij-Svgqxh3Cp4jUBVaE58e-HmvGe7jg==",cdn-downstream-fbl;dur=265 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2080,15 +2080,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f4931915c262d78fa3e94b48faa4f55a.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QamVrNosVD10HrA9RgxKBu4nD1x5vaxFbRj6F1Ed_YEqX5qSaRJI5A== + - fBZrvjcwvKQH4s0XYAiUIfoij-Svgqxh3Cp4jUBVaE58e-HmvGe7jg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - dc5a719a14276c58a6f4e301e4020688 + - e2a12353094cac07a322d6888361d8e7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2114,19 +2114,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18207 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19665 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18207","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207","key":"NTEST-1856","fields":{"statuscategorychangedate":"2025-04-30T18:26:06.368+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19665","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665","key":"NTEST-2993","fields":{"statuscategorychangedate":"2025-05-24T12:33:30.123+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:06.100+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t2v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:06.179+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:29.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010g7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:29.909+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/272]\n\n*Defect - Dojo link:* http://localhost:8080/finding/272 (272)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/307]\n\n*Defect + Dojo link:* http://localhost:8080/finding/307 (307)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/103]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/110]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -2134,14 +2134,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1856/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18207/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2993/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19665/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ccc22e57-e83f-490e-acf6-0451eef35aa4 + - a8f9a04a-a3aa-4b1a-bfca-a98f5eee137a Atl-Traceid: - - ccc22e57e83f490eacf60451eef35aa4 + - a8f9a04aa3aa4b1abfcaa98f5eee137a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2151,7 +2151,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:13 GMT + - Sat, 24 May 2025 10:33:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
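Review bot: The re-recorded Jira response body in this hunk stores the recording user's `emailAddress` and Atlassian `accountId` in the `creator` and `reporter` objects, and the neighbouring header hunks store the same id under `X-Aaccountid`. The cassette already masks the webhook credential as `Token xxx`, so some scrubbing exists, but it does not appear to cover these fields (the recorder configuration is not visible here). Consider replacing them at record time, for example with a vcrpy `before_record_response` hook that rewrites `emailAddress`, `accountId` and `X-Aaccountid` to constant placeholders. That keeps personal identifiers out of the repository and also stops these lines from churning each time a different maintainer re-records.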
@@ -2161,7 +2161,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=291,atl-edge-internal;dur=25,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="DFKV7NLvs8HTI21ZkEIEjKNiZdLwwjL6-6eQzegTVms_nNy8XZe4YQ==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=184,atl-edge;dur=177,atl-edge-internal;dur=18,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vDYDkzFS5tXqJqX-bwpy6McgWf_efl8IbaSIh-oeyzvyl1Idk5wK-g==",cdn-downstream-fbl;dur=188 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2171,15 +2171,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - DFKV7NLvs8HTI21ZkEIEjKNiZdLwwjL6-6eQzegTVms_nNy8XZe4YQ== + - vDYDkzFS5tXqJqX-bwpy6McgWf_efl8IbaSIh-oeyzvyl1Idk5wK-g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b4dcdc11d1342c9ddb517104df0b3870 + - 333ce64f474e724f3bae08bb9a1d8172 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2190,21 +2190,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 103, "url_ui": "http://localhost:8080/test/103", "url_api": "http://localhost:8080/api/v2/tests/103/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 272, "title": "Zap2: Cookie Without Secure Flag", "severity": - "Low", "url_ui": "http://localhost:8080/finding/272", "url_api": "http://localhost:8080/api/v2/findings/272/"}, - {"id": 271, "title": "Zap1: Cookie Without Secure Flag", "severity": "Low", - "url_ui": "http://localhost:8080/finding/271", "url_api": "http://localhost:8080/api/v2/findings/271/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -2215,11 +2201,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1321' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
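Review bot: The recorded `scan_added_empty` webhook request body is now the bare string `"scan_added.tpl"` (Content-Length 16), where the previous recording carried the rendered event JSON with product, engagement, test and findings. This looks like the template name being sent instead of the rendered template, possibly from a fallback path for the `scan_added_empty` event, though the notification code is not visible here, so please confirm. If it is unintended, committing this cassette pins the regression as expected behaviour and webhook receivers lose all event context. The next two hunks echo the same payload (`Content-Length: '16'` and `"json": "scan_added.tpl"`). I would fix the rendering, re-record, and have the test assert that the posted body parses to a JSON object with a `description` key.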
@@ -2231,64 +2217,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1321\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:54902\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 103, \\\"url_ui\\\": \\\"http://localhost:8080/test/103\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/103/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 272, \\\"title\\\": \\\"Zap2: Cookie - Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/272\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/272/\\\"}, {\\\"id\\\": - 271, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": - \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/271\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/271/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 272,\n \"severity\": - \"Low\",\n \"title\": \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/272/\",\n \"url_ui\": \"http://localhost:8080/finding/272\"\n - \ },\n {\n \"id\": 271,\n \"severity\": \"Low\",\n - \ \"title\": \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/271/\",\n \"url_ui\": \"http://localhost:8080/finding/271\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 103,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/103/\",\n - \ \"url_ui\": \"http://localhost:8080/test/103\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/103/\",\n - \ \"url_ui\": \"http://localhost:8080/test/103\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:39940\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:13 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:33:34 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml index a95be4e6046..f3a582503ca 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_no_push_to_jira_reimport_with_push_to_jira.yaml 
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/", + "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 104, "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/"}}' + 111, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:54916\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39956\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 104, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\"}}\",\n \"files\": + null, \\\"id\\\": 111, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 104,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n - \ \"url_ui\": \"http://localhost:8080/test/104\"\n },\n \"title\": + 111,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n + \ \"url_ui\": \"http://localhost:8080/test/111\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n \"url_ui\": - \"http://localhost:8080/test/104\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n \"url_ui\": + \"http://localhost:8080/test/111\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:13 GMT + - Sat, 24 May 2025 10:33:34 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/", + "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 104, "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/"}, - "finding_count": 2, "findings": {"new": [{"id": 273, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/273", - "url_api": "http://localhost:8080/api/v2/findings/273/"}, {"id": 274, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/274", - "url_api": "http://localhost:8080/api/v2/findings/274/"}], "reactivated": [], + 111, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/"}, + "finding_count": 2, "findings": {"new": [{"id": 308, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/308", + "url_api": "http://localhost:8080/api/v2/findings/308/"}, {"id": 309, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/309", + "url_api": "http://localhost:8080/api/v2/findings/309/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:54930\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39958\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/104/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/111/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 104, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 273, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 111, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 308, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/273\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/273/\\\"}, - {\\\"id\\\": 274, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/274\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/274/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/308\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/308/\\\"}, + {\\\"id\\\": 309, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/309\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/309/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 273,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/273/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/273\"\n },\n - \ {\n \"id\": 274,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/274/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/274\"\n }\n ],\n + \ \"id\": 308,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/308/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/308\"\n },\n + \ {\n \"id\": 309,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/309/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/309\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 104,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n - \ \"url_ui\": \"http://localhost:8080/test/104\"\n },\n \"title\": + 111,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n + \ \"url_ui\": \"http://localhost:8080/test/111\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n - \ \"url_ui\": \"http://localhost:8080/test/104\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n + \ \"url_ui\": \"http://localhost:8080/test/111\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -181,7 +181,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:13 GMT + - Sat, 24 May 2025 10:33:34 GMT Transfer-Encoding: - chunked status: 
@@ -206,12 +206,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:13.976+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:35.473+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8d9d0527-cb1a-4d2a-96f1-8ca1fddae211 + - 1234105b-2b04-4a28-9e87-c00d623d678a Atl-Traceid: - - 8d9d0527cb1a4d2a96f18ca1fddae211 + - 1234105b2b044a289e87c00d623d678a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -221,7 +221,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:14 GMT + - Sat, 24 May 2025 10:33:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -231,7 +231,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=252,atl-edge;dur=166,atl-edge-internal;dur=13,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="LUMXLLr2zpBRWEt1nWwGbU2Y3W4DMB7y87pzSoKiklj13POO4s4_Gg==",cdn-downstream-fbl;dur=256 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=14,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hk7GGzayWZiUlzCpluLAG-5RBLmGcU_rikEhhB1s41sBOMBJz-dNFA==",cdn-downstream-fbl;dur=118 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -241,15 +241,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LUMXLLr2zpBRWEt1nWwGbU2Y3W4DMB7y87pzSoKiklj13POO4s4_Gg== + - hk7GGzayWZiUlzCpluLAG-5RBLmGcU_rikEhhB1s41sBOMBJz-dNFA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 3f882467fb66e1f42da509d1729c0d94 + - 1b87d44b07963ce75baa70cd5ca57fc3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
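Review bot: The re-recorded `X-Aaccountid` response header in the `-241,15` hunk commits the recording user's Atlassian account id to the repository, and the same id recurs in the `-319,18`, `-407,15` and `-498,15` hunks. The response body in the `-461,14` hunk additionally carries that user's `emailAddress`, `displayName` and Gravatar URLs whose hash is derived from the e-mail. The request token is already masked as `Token xxx`, but nothing visible masks the response side, so each re-record swaps one maintainer's identifiers for another's. If these cassettes are recorded with vcrpy, as the `interactions:` layout suggests, a `before_record_response` hook could rewrite those fields to fixed placeholders before the file is written, for example `"emailAddress":"user@example.com"` and `X-Aaccountid: - REDACTED` (constructed values); this would also make future re-record diffs smaller. The `"origin"` values in the webhook echo (`10.250.1.6:…`) record the recorder's container address in the same way and could be normalised with the same hook.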
@@ -287,9 +287,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 54b79c27-7b1d-4ad0-b3c2-488c30102267 + - a579e745-7c96-4134-b702-8cc579a62c5d Atl-Traceid: - - 54b79c277b1d4ad0b3c2488c30102267 + - a579e7457c964134b7028cc579a62c5d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -299,7 +299,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:14 GMT + - Sat, 24 May 2025 10:33:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -309,7 +309,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="N1Kvy4JCAaUBUam4S8BAPcX3xYR__sAPugrAT5iD0pZSpWEcbQJT-w==",cdn-downstream-fbl;dur=366,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=363,atl-edge;dur=287,atl-edge-internal;dur=18,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=242,atl-edge;dur=234,atl-edge-internal;dur=16,atl-edge-upstream;dur=218,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UF3WdYn9edLdik4mX81ZgvpCNQ3G8fmA36p2CI9twRB7ZAHubgy5vw==",cdn-downstream-fbl;dur=247 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -319,18 +319,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9041bc1ab42f996e0fd971e734eff2e2.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - N1Kvy4JCAaUBUam4S8BAPcX3xYR__sAPugrAT5iD0pZSpWEcbQJT-w== + - UF3WdYn9edLdik4mX81ZgvpCNQ3G8fmA36p2CI9twRB7ZAHubgy5vw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - e59d2f0a14c6a7fcf1fb04b5a29d8726 + - 274ba1156c1259e2db7bd7566dd55f01 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -343,11 +343,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/273]\n\n*Defect - Dojo link:* http://localhost:8080/finding/273 (273)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/308]\n\n*Defect + Dojo link:* http://localhost:8080/finding/308 (308)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/111]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -365,7 +365,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -374,12 +374,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18209","key":"NTEST-1857","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18209"}' + string: '{"id":"19666","key":"NTEST-2994","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19666"}' headers: Atl-Request-Id: - - ed475edc-e055-46ca-84b6-4f8d565983a1 + - 3d180055-5974-4c9f-bca8-8a8c7ecb05d6 Atl-Traceid: - - ed475edce05546ca84b64f8d565983a1 + - 3d18005559744c9fbca88a8c7ecb05d6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -387,7 +387,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:15 GMT + - Sat, 24 May 2025 10:33:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -397,7 +397,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=769,atl-edge;dur=737,atl-edge-internal;dur=15,atl-edge-upstream;dur=722,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="rNNz-1FxlQyJrl2Zl5br0NkNdDQxY9QEwc5_Lb2-YxjvIS_oXaHdsQ==",cdn-downstream-fbl;dur=774 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=673,atl-edge;dur=666,atl-edge-internal;dur=14,atl-edge-upstream;dur=651,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1VYKh0yvhXynlj2vpM7Ph5VpsY-_wCPJGTxt1t_tBbqtgnLXq572MQ==",cdn-downstream-fbl;dur=677 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -407,15 +407,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rNNz-1FxlQyJrl2Zl5br0NkNdDQxY9QEwc5_Lb2-YxjvIS_oXaHdsQ== + - 1VYKh0yvhXynlj2vpM7Ph5VpsY-_wCPJGTxt1t_tBbqtgnLXq572MQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1f0bf9dff2993ba26623bb996a148bff + - 9f656f9ccdfe7b5964e9a3f00b444011 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -441,19 +441,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1857 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2994 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18209","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18209","key":"NTEST-1857","fields":{"statuscategorychangedate":"2025-04-30T18:26:15.311+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19666","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19666","key":"NTEST-2994","fields":{"statuscategorychangedate":"2025-05-24T12:33:36.479+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1857/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:15.007+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t33:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:15.091+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2994/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:36.169+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:36.251+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/273]\n\n*Defect - Dojo link:* http://localhost:8080/finding/273 (273)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/308]\n\n*Defect + Dojo link:* http://localhost:8080/finding/308 (308)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/111]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -461,14 +461,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1857/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18209/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2994/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19666/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c3c1818a-fa75-4ed8-b098-a5780934d234 + - f9e47958-3dab-408f-9894-d8b3a824396f Atl-Traceid: - - c3c1818afa754ed8b098a5780934d234 + - f9e479583dab408f9894d8b3a824396f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -478,7 +478,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:15 GMT + - Sat, 24 May 2025 10:33:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -488,7 +488,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="hERVturdx4JthaqwFWgJLJ90TumSb70Kq36EYrzwd3kfdDjR5KBHvQ==",cdn-downstream-fbl;dur=347,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=345,atl-edge;dur=259,atl-edge-internal;dur=12,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=239,atl-edge-internal;dur=15,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Kqx2uNvel2OKeSnWq64KVK-Nx1N_JMUNej05a9P7Dr0H0QAFKZXZQQ==",cdn-downstream-fbl;dur=251 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -498,15 +498,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - hERVturdx4JthaqwFWgJLJ90TumSb70Kq36EYrzwd3kfdDjR5KBHvQ== + - Kqx2uNvel2OKeSnWq64KVK-Nx1N_JMUNej05a9P7Dr0H0QAFKZXZQQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 1561cccccda2450c079c22227c85d5e6 + - 8937a41e446ae5f1fdf3d0c25645c6b6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -532,19 +532,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18209 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19666 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18209","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18209","key":"NTEST-1857","fields":{"statuscategorychangedate":"2025-04-30T18:26:15.311+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19666","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19666","key":"NTEST-2994","fields":{"statuscategorychangedate":"2025-05-24T12:33:36.479+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1857/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:15.007+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t33:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:15.091+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2994/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:36.169+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:36.251+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/273]\n\n*Defect - Dojo link:* http://localhost:8080/finding/273 (273)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/308]\n\n*Defect + Dojo link:* http://localhost:8080/finding/308 (308)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/111]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -552,14 +552,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1857/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18209/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2994/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19666/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d874b789-df91-40be-a267-b03a670873ab + - 6f46758f-7282-40b8-9a14-198dda20e841 Atl-Traceid: - - d874b789df9140bea267b03a670873ab + - 6f46758f728240b89a14198dda20e841 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -569,7 +569,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:16 GMT + - Sat, 24 May 2025 10:33:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -579,7 +579,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=290,atl-edge;dur=257,atl-edge-internal;dur=16,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="CMv26AOHIMgj3V9uNimlvidIyA-dUDQeQAv3wwnZtyM0iBHNfh1jNQ==",cdn-downstream-fbl;dur=294 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=227,atl-edge-internal;dur=17,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="64MU3AgrkJvC3UmCNHZC0gaZN5vauT91mw8IsiALg9onDZjo08JFtg==",cdn-downstream-fbl;dur=239 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -589,15 +589,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - CMv26AOHIMgj3V9uNimlvidIyA-dUDQeQAv3wwnZtyM0iBHNfh1jNQ== + - 64MU3AgrkJvC3UmCNHZC0gaZN5vauT91mw8IsiALg9onDZjo08JFtg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 57c92e652c75b4d3f398bb097de3cf88 + - 0556886f1212cd77ce4774a2b1d50926 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -626,12 +626,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:16.645+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:37.414+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b4510a34-5164-4c13-92d1-93b1c084ddb0 + - 6faf170a-2fb8-4583-a92b-7ec01d9fff09 Atl-Traceid: - - b4510a3451644c1392d193b1c084ddb0 + - 6faf170a2fb84583a92b7ec01d9fff09 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -641,7 +641,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:16 GMT + - Sat, 24 May 2025 10:33:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -651,7 +651,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=165,atl-edge-internal;dur=17,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0XSmYthoSDqYQjboMEiTJdpWPVX80V2iJCbj8GRNeFE4POf919Ymog==",cdn-downstream-fbl;dur=202 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=108,atl-edge-internal;dur=16,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1No0Q8zVoG8-AIZOF3ILkwM6yJ7WoXB0unOp45eFxaXocY6Weq3Wiw==",cdn-downstream-fbl;dur=120 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -661,15 +661,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0XSmYthoSDqYQjboMEiTJdpWPVX80V2iJCbj8GRNeFE4POf919Ymog== + - 1No0Q8zVoG8-AIZOF3ILkwM6yJ7WoXB0unOp45eFxaXocY6Weq3Wiw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 98e99e66d6fe4f697e88f5794f138fe9 + - 66fd45060aa788cdc011b904a9b343e4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -707,9 +707,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 69f49a66-5201-4028-83c1-70c681fcc28e + - d36bf2bb-4994-40bf-a974-ed6d0dbff46e Atl-Traceid: - - 69f49a665201402883c170c681fcc28e + - d36bf2bb499440bfa974ed6d0dbff46e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -719,7 +719,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:17 GMT + - Sat, 24 May 2025 10:33:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -729,7 +729,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=290,atl-edge-internal;dur=18,atl-edge-upstream;dur=272,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="CFQuyLEG3Qw-ZRqQlVvqYVPO41lo5M29YtYjryiP3nOVB_Mo3icspQ==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="VdVN3HyanhwjciMzrjDv17N492NQk04MjYmqkuyPLMTzC5I12FR9zg==",cdn-downstream-fbl;dur=260 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -739,18 +739,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - CFQuyLEG3Qw-ZRqQlVvqYVPO41lo5M29YtYjryiP3nOVB_Mo3icspQ== + - VdVN3HyanhwjciMzrjDv17N492NQk04MjYmqkuyPLMTzC5I12FR9zg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e0f996ace8877c9867151737d992c949 + - 32ee46263cc0f53a556f0fba45ee8f46 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -763,11 +763,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/274]\n\n*Defect - Dojo link:* http://localhost:8080/finding/274 (274)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/309]\n\n*Defect + Dojo link:* http://localhost:8080/finding/309 (309)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/111]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -785,7 +785,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -794,12 +794,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18211","key":"NTEST-1858","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18211"}' + string: '{"id":"19667","key":"NTEST-2995","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19667"}' headers: Atl-Request-Id: - - 3fcc3dfd-e2ff-4ab1-9824-b1e43a305964 + - 77f3103c-d818-4816-b1b0-4ba14c689e63 Atl-Traceid: - - 3fcc3dfde2ff4ab19824b1e43a305964 + - 77f3103cd8184816b1b04ba14c689e63 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -807,7 +807,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:18 GMT + - Sat, 24 May 2025 10:33:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -817,7 +817,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=797,atl-edge;dur=765,atl-edge-internal;dur=17,atl-edge-upstream;dur=749,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="MJHndHvbha1Gy7Hwwn4VjnkEXvYOxYj7F7i55WZNybOmDy765VIL1Q==",cdn-downstream-fbl;dur=801 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=620,atl-edge;dur=612,atl-edge-internal;dur=16,atl-edge-upstream;dur=597,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sb2QXdf7A44lbo9Hncdom2CEvQQ6KwIUjC3XMK9N8q4fIowKQI1F-g==",cdn-downstream-fbl;dur=624 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -827,15 +827,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MJHndHvbha1Gy7Hwwn4VjnkEXvYOxYj7F7i55WZNybOmDy765VIL1Q== + - sb2QXdf7A44lbo9Hncdom2CEvQQ6KwIUjC3XMK9N8q4fIowKQI1F-g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c44c6e8065036f287f0b546e09b8e5cf + - c9e4b62da6a42ec8b1e786c97c51673c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -861,19 +861,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1858 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2995 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18211","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18211","key":"NTEST-1858","fields":{"statuscategorychangedate":"2025-04-30T18:26:17.891+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19667","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19667","key":"NTEST-2995","fields":{"statuscategorychangedate":"2025-05-24T12:33:38.385+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1858/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:17.552+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:17.642+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2995/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:38.125+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:38.193+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/274]\n\n*Defect - Dojo link:* http://localhost:8080/finding/274 (274)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/309]\n\n*Defect + Dojo link:* http://localhost:8080/finding/309 (309)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/111]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -881,14 +881,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1858/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18211/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2995/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19667/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d3da27c1-dfe9-4857-afda-ef8d0318985f + - 2cd08e68-7d4d-4ee5-835a-36696bff24ba Atl-Traceid: - - d3da27c1dfe94857afdaef8d0318985f + - 2cd08e687d4d4ee5835a36696bff24ba Cache-Control: - no-cache, no-store, no-transform Connection: @@ -898,7 +898,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:18 GMT + - Sat, 24 May 2025 10:33:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
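Review bot: The re-recorded response body in the `@@ -881,14 +881,14 @@` hunk stores the recording user's `emailAddress`, `accountId`, `displayName` and Gravatar hash in the `creator` and `reporter` objects. The same account id appears again in the `X-Aaccountid` header in the following hunks and in the `@@ -972,14 +972,14 @@` body. The webhook token in this cassette is already masked as `Token xxx`, so the Jira responses could get the same treatment. A vcrpy `before_record_response` hook that replaces those fields with fixed placeholder values would keep personal identifiers out of the repository and remove this churn on every re-record. Whether any test asserts on these fields is not visible here, so confirm that before scrubbing.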
@@ -908,7 +908,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=389,atl-edge;dur=355,atl-edge-internal;dur=15,atl-edge-upstream;dur=341,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="esCkxqox3qaqy-1XKHQZ2TzN8GMzDtIJ7ZlPVe9NSMnIDRAwe97wAg==",cdn-downstream-fbl;dur=393 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=209,atl-edge-internal;dur=18,atl-edge-upstream;dur=189,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="suNMqEEsNEsZKWIuMvRYa0912lqCw-siXMb54gcSqB2-g0DcG8GwCg==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -918,15 +918,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7d27498ef63e76e5a81975299a76fae4.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - esCkxqox3qaqy-1XKHQZ2TzN8GMzDtIJ7ZlPVe9NSMnIDRAwe97wAg== + - suNMqEEsNEsZKWIuMvRYa0912lqCw-siXMb54gcSqB2-g0DcG8GwCg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f8b3cff3ab482a574b84b3fb89636b90 + - d64988543b5d48839de714d734b1fa57 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -952,19 +952,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18211 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19667 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18211","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18211","key":"NTEST-1858","fields":{"statuscategorychangedate":"2025-04-30T18:26:17.891+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19667","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19667","key":"NTEST-2995","fields":{"statuscategorychangedate":"2025-05-24T12:33:38.385+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1858/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:17.552+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:17.642+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2995/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:38.125+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:38.193+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/274]\n\n*Defect - Dojo link:* http://localhost:8080/finding/274 (274)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/309]\n\n*Defect + Dojo link:* http://localhost:8080/finding/309 (309)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/104]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/111]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -972,14 +972,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1858/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18211/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2995/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19667/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9a530b91-276e-4e46-9c2b-96e90fc5d733 + - 09f6c2a9-ca6f-499a-9e9e-a8b293d48eab Atl-Traceid: - - 9a530b91276e4e469c2b96e90fc5d733 + - 09f6c2a9ca6f499a9e9ea8b293d48eab Cache-Control: - no-cache, no-store, no-transform Connection: @@ -989,7 +989,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:18 GMT + - Sat, 24 May 2025 10:33:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -999,7 +999,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=320,atl-edge;dur=287,atl-edge-internal;dur=15,atl-edge-upstream;dur=271,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="MkYHGXGCfpMGskZw5B3efudPqAM_ZQKS74ZgfRj1mHySbgg1udfWdA==",cdn-downstream-fbl;dur=323 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=234,atl-edge;dur=227,atl-edge-internal;dur=17,atl-edge-upstream;dur=211,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sLMkvFIRw04_0-oc_pJDy3hVYrAKTrXXwQIaGEZni7y0aFVp7rWlcg==",cdn-downstream-fbl;dur=237 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1009,15 +1009,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MkYHGXGCfpMGskZw5B3efudPqAM_ZQKS74ZgfRj1mHySbgg1udfWdA== + - sLMkvFIRw04_0-oc_pJDy3hVYrAKTrXXwQIaGEZni7y0aFVp7rWlcg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ac4760181197a9635886ddaa54dc7eb4 + - b3e4a471f6e7edc4a43cdc8b83129a65 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1028,21 +1028,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 104, "url_ui": "http://localhost:8080/test/104", "url_api": "http://localhost:8080/api/v2/tests/104/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 273, "title": "Zap1: Cookie Without Secure Flag", "severity": - "Low", "url_ui": "http://localhost:8080/finding/273", "url_api": "http://localhost:8080/api/v2/findings/273/"}, - {"id": 274, "title": "Zap2: Cookie Without Secure Flag", "severity": "Low", - "url_ui": "http://localhost:8080/finding/274", "url_api": "http://localhost:8080/api/v2/findings/274/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -1053,11 +1039,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1321' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
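Review bot: The recorded webhook request body in the `@@ -1028,21 +1028,7 @@` hunk is now the literal string `'"scan_added.tpl"'` with `Content-Length: '16'`. The previous recording carried the full `scan_added_empty` JSON payload (description, product, engagement, test, findings). This looks like the template name being sent instead of the rendered template, possibly because rendering was mocked or failed while re-recording. The echoed response in the `@@ -1069,64 +1055,25 @@` hunk (`"json": "scan_added.tpl"`) shows the same value. If this is unintended, re-record the cassette with real rendering so the test keeps covering the payload shape; if it is intended, a short comment in the test explaining why would prevent it from being read as a regression.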
@@ -1069,64 +1055,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1321\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:37088\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 104, \\\"url_ui\\\": \\\"http://localhost:8080/test/104\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/104/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 273, \\\"title\\\": \\\"Zap1: Cookie - Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/273\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/273/\\\"}, {\\\"id\\\": - 274, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", \\\"severity\\\": - \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/274\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/274/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 273,\n \"severity\": - \"Low\",\n \"title\": \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/273/\",\n \"url_ui\": \"http://localhost:8080/finding/273\"\n - \ },\n {\n \"id\": 274,\n \"severity\": \"Low\",\n - \ \"title\": \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/274/\",\n \"url_ui\": \"http://localhost:8080/finding/274\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 104,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/104/\",\n - \ \"url_ui\": \"http://localhost:8080/test/104\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/104/\",\n - \ \"url_ui\": \"http://localhost:8080/test/104\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:39966\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:18 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:33:38 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml index 202abebf774..fe2bb259f5e 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_push_to_jira_reimport_with_push_to_jira.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:19.402+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:39.455+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d0182a28-d055-4c89-84e4-d954b320b701 + - d9c3d334-b6a6-4d68-8006-876de5fef98d Atl-Traceid: - - d0182a28d0554c8984e4d954b320b701 + - d9c3d334b6a64d688006876de5fef98d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:19 GMT + - Sat, 24 May 2025 10:33:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Y5WV9G-l3GkT2W9LGc_s5Ele-08Tbd7xdFMPC66RxDhdHHe5Ov4baA==",cdn-downstream-fbl;dur=263,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=260,atl-edge;dur=176,atl-edge-internal;dur=13,atl-edge-upstream;dur=164,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=102,atl-edge-internal;dur=15,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-4VuwiNr2d7NXK1NKyiVQWKhhwZr5RL5kdYRVoCszETagNc57UMZmA==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Y5WV9G-l3GkT2W9LGc_s5Ele-08Tbd7xdFMPC66RxDhdHHe5Ov4baA== + - -4VuwiNr2d7NXK1NKyiVQWKhhwZr5RL5kdYRVoCszETagNc57UMZmA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b451f3913836f3383e7adfdff808afad + - 73d796fd716eeda9dbe11f0289318b24 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - ce6bdc98-6d44-4da5-a863-ab7d0b4b1372 + - 4566c8a0-f5f9-4bc1-9411-84a78ae654c1 Atl-Traceid: - - ce6bdc986d444da5a863ab7d0b4b1372 + - 4566c8a0f5f94bc1941184a78ae654c1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:19 GMT + - Sat, 24 May 2025 10:33:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=269,atl-edge-internal;dur=14,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="jBXJcJ0UqFkabeWD5Pbucj04ZDQJkLvXOZScPKFUvfG9zWEAwxNRLA==",cdn-downstream-fbl;dur=305 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AnLHKJfHcCYmeOY0oMh3oOs3l-7bAOgpNsfvHOBdl56yE21Sg7__7w==",cdn-downstream-fbl;dur=317,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=314,atl-edge;dur=286,atl-edge-internal;dur=20,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aa3674a12327640af71c59263be8ffc6.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jBXJcJ0UqFkabeWD5Pbucj04ZDQJkLvXOZScPKFUvfG9zWEAwxNRLA== + - AnLHKJfHcCYmeOY0oMh3oOs3l-7bAOgpNsfvHOBdl56yE21Sg7__7w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e0afc0879f5d20336790dd0afeaff7d5 + - 4e9ca2f6d771932ec4f3f6ff31af1e9a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18213","key":"NTEST-1859","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213"}' + string: '{"id":"19668","key":"NTEST-2996","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668"}' headers: Atl-Request-Id: - - b28bfc0a-6d51-49c4-9a84-e83e8beaf024 + - e0fde8aa-892f-40c6-80f7-c18d18d04a21 Atl-Traceid: - - b28bfc0a6d5149c49a84e83e8beaf024 + - e0fde8aa892f40c680f7c18d18d04a21 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:20 GMT + - Sat, 24 May 2025 10:33:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="SG5sPS7XmY8W5WylLsgmNCKpsj4FTsVqk6AJC3OUALtN51TR7JYphA==",cdn-downstream-fbl;dur=708,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=705,atl-edge;dur=618,atl-edge-internal;dur=16,atl-edge-upstream;dur=602,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=604,atl-edge;dur=597,atl-edge-internal;dur=16,atl-edge-upstream;dur=581,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zMfEadAZr6adzM4X9R5VP5bKzsgHcwgBZAAQC7TqofLyvRadQMm74g==",cdn-downstream-fbl;dur=607 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - SG5sPS7XmY8W5WylLsgmNCKpsj4FTsVqk6AJC3OUALtN51TR7JYphA== + - zMfEadAZr6adzM4X9R5VP5bKzsgHcwgBZAAQC7TqofLyvRadQMm74g== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4f79cf0c96cee0a74183e38dcf0b990e + - 92a8c648a5433849d8b9b8b89aee795c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18213","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213","key":"NTEST-1859","fields":{"statuscategorychangedate":"2025-04-30T18:26:20.584+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19668","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668","key":"NTEST-2996","fields":{"statuscategorychangedate":"2025-05-24T12:33:40.438+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:20.337+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:20.404+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:40.182+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:40.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 497d72d5-03d5-4990-aeaf-845fc59596a9 + - dd63e927-9e28-4896-a557-a531a3e1b4cb Atl-Traceid: - - 497d72d503d54990aeaf845fc59596a9 + - dd63e9279e284896a557a531a3e1b4cb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:21 GMT + - Sat, 24 May 2025 10:33:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
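Review bot: The re-recorded response body in the `@@ -273,14 +273,14 @@` hunk commits a real Atlassian `accountId`, an `emailAddress` and the matching Gravatar hash to the repository. The same account id also appears in the `X-Aaccountid` response header of the other interactions in this cassette and in the `@@ -364,14 +364,14 @@` body. The tests presumably do not assert on these values, so they could be scrubbed at record time with vcrpy's `before_record_response` hook, which can rewrite the body and headers before the cassette is written, for example to `"emailAddress":"redacted@example.invalid"` and a fixed placeholder account id. The removed lines show the previous recording had the same exposure for a different user, so this is not new in this commit, but each re-record puts another person's identifiers into git history.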
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="PX9LxwMnePkQW4VBYj15tPWHOBDE4DRdfnwj7LWgRMV_s0Q6i03YDg==",cdn-downstream-fbl;dur=333,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=331,atl-edge;dur=256,atl-edge-internal;dur=16,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=227,atl-edge;dur=220,atl-edge-internal;dur=20,atl-edge-upstream;dur=200,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Ewh01FYDwmVYS2D-w6KpaIrYzmzp63XFGulu8GZho5icJ5V3YMci1A==",cdn-downstream-fbl;dur=235 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - PX9LxwMnePkQW4VBYj15tPWHOBDE4DRdfnwj7LWgRMV_s0Q6i03YDg== + - Ewh01FYDwmVYS2D-w6KpaIrYzmzp63XFGulu8GZho5icJ5V3YMci1A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4c2ae3458a70ff6b1a05bb195568147a + - bcb185cb611fff27c1b55d5ed30d724f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18213 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19668 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18213","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213","key":"NTEST-1859","fields":{"statuscategorychangedate":"2025-04-30T18:26:20.584+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19668","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668","key":"NTEST-2996","fields":{"statuscategorychangedate":"2025-05-24T12:33:40.438+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:20.337+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:20.404+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:40.182+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:40.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 140424e1-fd7e-48d2-b9f3-ef96556e5f84 + - 25ebdfb9-a388-493b-bc1c-768dc372dbe2 Atl-Traceid: - - 140424e1fd7e48d2b9f3ef96556e5f84 + - 25ebdfb9a388493bbc1c768dc372dbe2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:21 GMT + - Sat, 24 May 2025 10:33:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
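Review bot: The re-recorded response body in this hunk commits a real person's `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`, and the account id appears again in the `X-Aaccountid` response header in the hunks at -401, -473, -551, -639 and -730; the hunk at -693 has the same body fields. Since vcrpy's `filter_headers` only covers request headers, I would scrub these at record time with a `before_record_response` hook that rewrites them to fixed placeholders, e.g. `"emailAddress":"user@example.invalid"` and `"accountId":"ACCOUNT_ID_PLACEHOLDER"`, so that every re-record stops changing who is exposed in the repository. The cassette configuration is not visible here, so whether any test asserts on these values should be checked first. The recorded body string starts before this hunk.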
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="8ewGdEaQYdRxNcJ-YYD1H4qgO3u-3bki-JtreM5utWT8nNe_nAL5WQ==",cdn-downstream-fbl;dur=372,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=369,atl-edge;dur=282,atl-edge-internal;dur=17,atl-edge-upstream;dur=266,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=187,atl-edge;dur=179,atl-edge-internal;dur=16,atl-edge-upstream;dur=163,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="c6q32Ge6aRHhC3g8kOMhjifdor1_nO10fVTAjT-NFbLXDyHErKMglg==",cdn-downstream-fbl;dur=191 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0835ebd52ef8594cd8aa4dac9cfbd9a8.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 8ewGdEaQYdRxNcJ-YYD1H4qgO3u-3bki-JtreM5utWT8nNe_nAL5WQ== + - c6q32Ge6aRHhC3g8kOMhjifdor1_nO10fVTAjT-NFbLXDyHErKMglg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - a9d71e220e6a36e58bfdda7c94969c87 + - f1cfac2ea2027ed64856e7ef39a9747e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:22.001+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:41.355+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - dfa7450b-169b-402b-9ea2-b78581bae5e8 + - 1b76c5de-7177-4bda-a5f5-1b0aa7c6c2e2 Atl-Traceid: - - dfa7450b169b402b9ea2b78581bae5e8 + - 1b76c5de71774bdaa5f51b0aa7c6c2e2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:22 GMT + - Sat, 24 May 2025 10:33:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=161,atl-edge-internal;dur=13,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="5ubgXR5k8Vfrtg4A7wyNSKeLEq64LXBtSk1tIa2xc1bgziQwXwyo3Q==",cdn-downstream-fbl;dur=197 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=103,atl-edge-internal;dur=17,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="THST3xtnBSEdBScEA34QXzwK98Q3Z_jrcROwy5hutUD3Fqiw9cShdQ==",cdn-downstream-fbl;dur=115 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 5ubgXR5k8Vfrtg4A7wyNSKeLEq64LXBtSk1tIa2xc1bgziQwXwyo3Q== + - THST3xtnBSEdBScEA34QXzwK98Q3Z_jrcROwy5hutUD3Fqiw9cShdQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 63b74fc870fe08ff99b82b274abac5bb + - 9578f2413b73949eeb5fc5e1f912a972 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c54211fe-e98b-4225-b5f3-d0ea40da8463 + - dd3e1a86-c2e7-4626-9d6f-b351ec6b0748 Atl-Traceid: - - c54211fee98b4225b5f3d0ea40da8463 + - dd3e1a86c2e746269d6fb351ec6b0748 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:22 GMT + - Sat, 24 May 2025 10:33:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="CsgOPY1WM1cpKzDIQEcQWAoAi71e69TcBDQY38BduO8bcB1mvBYfrQ==",cdn-downstream-fbl;dur=373,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=371,atl-edge;dur=284,atl-edge-internal;dur=18,atl-edge-upstream;dur=266,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=277,atl-edge;dur=269,atl-edge-internal;dur=17,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CI0kTvaUiRtmaD8GKKw07jIx0HkmlyiCVmSXp4oDcoXTgtkEpeNLOg==",cdn-downstream-fbl;dur=281 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c1388c9ad241eb02cd4ddbe69b1a2d34.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - CsgOPY1WM1cpKzDIQEcQWAoAi71e69TcBDQY38BduO8bcB1mvBYfrQ== + - CI0kTvaUiRtmaD8GKKw07jIx0HkmlyiCVmSXp4oDcoXTgtkEpeNLOg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 153f3b32325e90642aeacd9ec94d274c + - 399813b72c5862be0067c2b0cb9cfe69 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/276]\n\n*Defect - Dojo link:* http://localhost:8080/finding/276 (276)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/311]\n\n*Defect + Dojo link:* http://localhost:8080/finding/311 (311)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18215","key":"NTEST-1860","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215"}' + string: '{"id":"19669","key":"NTEST-2997","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669"}' headers: Atl-Request-Id: - - 60097f2f-6841-4917-aa82-48b28df21d99 + - 35d8d76a-e7a7-4434-9f08-345d3b536a2f Atl-Traceid: - - 60097f2f68414917aa8248b28df21d99 + - 35d8d76ae7a744349f08345d3b536a2f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:23 GMT + - Sat, 24 May 2025 10:33:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="nedeDjLAVpksPnf-Lfl4ZyKU3Y_c7Ym8L_vw9-OiTZnxZTiAqo5UnA==",cdn-downstream-fbl;dur=847,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=844,atl-edge;dur=769,atl-edge-internal;dur=25,atl-edge-upstream;dur=745,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=731,atl-edge;dur=723,atl-edge-internal;dur=17,atl-edge-upstream;dur=706,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ugYqI2JL1FXD9H5hSoz-XZKVqcy9CEjP-2RERc0CLV0ATZ0VoyndWg==",cdn-downstream-fbl;dur=735 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nedeDjLAVpksPnf-Lfl4ZyKU3Y_c7Ym8L_vw9-OiTZnxZTiAqo5UnA== + - ugYqI2JL1FXD9H5hSoz-XZKVqcy9CEjP-2RERc0CLV0ATZ0VoyndWg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 53330ff8f9f08118c1e02b693617d095 + - 20b1c28b5ac6132939c007867b470f4f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18215","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215","key":"NTEST-1860","fields":{"statuscategorychangedate":"2025-04-30T18:26:23.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19669","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669","key":"NTEST-2997","fields":{"statuscategorychangedate":"2025-05-24T12:33:42.468+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:23.032+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:23.118+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:42.107+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010h3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:42.189+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/276]\n\n*Defect - Dojo link:* http://localhost:8080/finding/276 (276)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/311]\n\n*Defect + Dojo link:* http://localhost:8080/finding/311 (311)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 103b2b8a-3a86-4d60-9d3a-f2f62aed9623 + - 5d206732-88c2-4f95-838b-58d77fa41e45 Atl-Traceid: - - 103b2b8a3a864d609d3af2f62aed9623 + - 5d20673288c24f95838b58d77fa41e45 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:23 GMT + - Sat, 24 May 2025 10:33:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="uwIdlCdGrb7aWz3BNA-IL0A8jKRXhSgL5K4F55Q22WQdCa-opemuhA==",cdn-downstream-fbl;dur=364,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=361,atl-edge;dur=274,atl-edge-internal;dur=18,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=231,atl-edge;dur=223,atl-edge-internal;dur=17,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="R0qSzklPcJkn5f9Z_8TjIvCBa6-_-gk6RHkG4TroZgCdaApIh6vhAg==",cdn-downstream-fbl;dur=235 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 51e6f466f192ce588105b138cebcc0d0.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - uwIdlCdGrb7aWz3BNA-IL0A8jKRXhSgL5K4F55Q22WQdCa-opemuhA== + - R0qSzklPcJkn5f9Z_8TjIvCBa6-_-gk6RHkG4TroZgCdaApIh6vhAg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 41ade01989c89e374bbb592b54dd1b3d + - b258a239b6b004000eed2de079dae35a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18215 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19669 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18215","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215","key":"NTEST-1860","fields":{"statuscategorychangedate":"2025-04-30T18:26:23.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19669","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669","key":"NTEST-2997","fields":{"statuscategorychangedate":"2025-05-24T12:33:42.468+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:23.032+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:23.118+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:42.107+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010h3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:42.189+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/276]\n\n*Defect - Dojo link:* http://localhost:8080/finding/276 (276)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/311]\n\n*Defect + Dojo link:* http://localhost:8080/finding/311 (311)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 23b3112b-a894-460c-893d-45f735b7101c + - 07179150-ed16-4f48-9d14-36f7a3b7d023 Atl-Traceid: - - 23b3112ba894460c893d45f735b7101c + - 07179150ed164f489d1436f7a3b7d023 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:24 GMT + - Sat, 24 May 2025 10:33:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
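Review bot: The re-recorded Jira response body in this hunk commits the recording user's real `emailAddress`, `accountId` and Gravatar hash into the cassette, and the `X-Aaccountid` response header in the neighbouring header hunks repeats the same account id. The tests presumably assert on none of these values, so they could be scrubbed at record time, for example with a vcrpy `before_record_response` hook that replaces the `creator`/`reporter` objects with fixed placeholders and drops `X-Aaccountid`. The webhook token already appears to be masked this way (`Token xxx`). Scrubbing would also stop each re-recording from rewriting these lines with a different maintainer's identity, which would keep future cassette diffs smaller and easier to review.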
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=276,atl-edge;dur=244,atl-edge-internal;dur=15,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="KBrryJVJHeQMBDWjYc9wPVxcD6dUeiBpoS_IWuj1-W4QVffPwPYEsw==",cdn-downstream-fbl;dur=280 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=220,atl-edge;dur=212,atl-edge-internal;dur=17,atl-edge-upstream;dur=194,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hd0NqAHWS7P6wPWRjmVsfzZJNduQs5h3sOBGx-VI-sQXkEDERBTLqg==",cdn-downstream-fbl;dur=224 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KBrryJVJHeQMBDWjYc9wPVxcD6dUeiBpoS_IWuj1-W4QVffPwPYEsw== + - hd0NqAHWS7P6wPWRjmVsfzZJNduQs5h3sOBGx-VI-sQXkEDERBTLqg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 92f616ea4049ef7abe3108cad05bf8c5 + - adfea731b16a898fa0d805b9b21a9ed1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/", + "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 105, "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/"}}' + 112, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:37096\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39978\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 105, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\"}}\",\n \"files\": + null, \\\"id\\\": 112, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 105,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n - \ \"url_ui\": \"http://localhost:8080/test/105\"\n },\n \"title\": + 112,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n + \ \"url_ui\": \"http://localhost:8080/test/112\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n \"url_ui\": - \"http://localhost:8080/test/105\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n \"url_ui\": + \"http://localhost:8080/test/112\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:24 GMT + - Sat, 24 May 2025 10:33:42 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/", + "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 105, "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/"}, - "finding_count": 2, "findings": {"new": [{"id": 275, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/275", - "url_api": "http://localhost:8080/api/v2/findings/275/"}, {"id": 276, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/276", - "url_api": "http://localhost:8080/api/v2/findings/276/"}], "reactivated": [], + 112, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/"}, + "finding_count": 2, "findings": {"new": [{"id": 310, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/310", + "url_api": "http://localhost:8080/api/v2/findings/310/"}, {"id": 311, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/311", + "url_api": "http://localhost:8080/api/v2/findings/311/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:37100\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:39994\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/105/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/112/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 105, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 275, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 112, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 310, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/275\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/275/\\\"}, - {\\\"id\\\": 276, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/276\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/276/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/310\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/310/\\\"}, + {\\\"id\\\": 311, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/311\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/311/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 275,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/275/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/275\"\n },\n - \ {\n \"id\": 276,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/276/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/276\"\n }\n ],\n + \ \"id\": 310,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/310/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/310\"\n },\n + \ {\n \"id\": 311,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/311/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/311\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 105,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n - \ \"url_ui\": \"http://localhost:8080/test/105\"\n },\n \"title\": + 112,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n + \ \"url_ui\": \"http://localhost:8080/test/112\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n - \ \"url_ui\": \"http://localhost:8080/test/105\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n + \ \"url_ui\": \"http://localhost:8080/test/112\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:24 GMT + - Sat, 24 May 2025 10:33:42 GMT Transfer-Encoding: - chunked status: 
@@ -1046,12 +1046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:24.781+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:43.411+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 45f92200-938f-4d05-a733-c54ff860def8 + - 043cfa91-6025-425a-8c1c-7637d5188425 Atl-Traceid: - - 45f92200938f4d05a733c54ff860def8 + - 043cfa916025425a8c1c7637d5188425 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1061,7 +1061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:24 GMT + - Sat, 24 May 2025 10:33:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1071,7 +1071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=167,atl-edge-internal;dur=14,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ZUAdLi1_OiedRMX1PRRlFTIzTskkL0JjkGw8KM4Ghs57xlQkWLqLAQ==",cdn-downstream-fbl;dur=204 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=17,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ObvXUuSxCx9B9cZHTxDSLgbvjgKXneZBepi72vCeiAj_9oMJh10-xg==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1081,15 +1081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZUAdLi1_OiedRMX1PRRlFTIzTskkL0JjkGw8KM4Ghs57xlQkWLqLAQ== + - ObvXUuSxCx9B9cZHTxDSLgbvjgKXneZBepi72vCeiAj_9oMJh10-xg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d3500fc2a9bc86cc2555463ce362872c + - 6ca1a325d16e656ad92a5d58b8424405 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1115,19 +1115,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18213 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19668 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18213","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213","key":"NTEST-1859","fields":{"statuscategorychangedate":"2025-04-30T18:26:20.584+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19668","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668","key":"NTEST-2996","fields":{"statuscategorychangedate":"2025-05-24T12:33:40.438+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:20.337+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:20.404+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:40.182+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:40.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1135,14 +1135,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5b68d771-0c02-45d6-bcd8-01e986917cc6 + - 33c1ed90-f7df-4cc8-93bc-bb7d0777657b Atl-Traceid: - - 5b68d7710c0245d6bcd801e986917cc6 + - 33c1ed90f7df4cc893bcbb7d0777657b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1152,7 +1152,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:25 GMT + - Sat, 24 May 2025 10:33:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
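Review bot: The re-recorded issue body in this hunk commits the recording user's Atlassian `accountId`, `emailAddress`, `displayName` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header repeats the account id in the neighbouring hunks. The same body is recorded again in the `@@ -1298,14 +1298,14 @@` hunk. The removed lines show the previous recording had the same kind of data, so this is an existing pattern rather than something new here, but each re-record publishes another maintainer's identifiers in the repository. The recorder configuration is outside this diff. If the cassettes are written by vcrpy, a `before_record_response` hook could replace these fields with fixed placeholders and drop `X-Aaccountid`, which would also make future re-records produce a smaller diff. It is also worth confirming that the cassette's request side does not store an `Authorization` header, since it is not visible in these hunks.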
@@ -1162,7 +1162,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="_mbOYnC8-j-4CIpCwWrKC7JuEvT-sRCjpa89ekDxJi-m3AH5U0n5jQ==",cdn-downstream-fbl;dur=358,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=356,atl-edge;dur=268,atl-edge-internal;dur=15,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=242,atl-edge;dur=212,atl-edge-internal;dur=15,atl-edge-upstream;dur=197,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="J2luGsd7xk_CA4h2n6_hNijQhGYFxivS4cW3QdHXFrnYi1uJrnsNRw==",cdn-downstream-fbl;dur=246 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1172,15 +1172,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _mbOYnC8-j-4CIpCwWrKC7JuEvT-sRCjpa89ekDxJi-m3AH5U0n5jQ== + - J2luGsd7xk_CA4h2n6_hNijQhGYFxivS4cW3QdHXFrnYi1uJrnsNRw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b1ebfc9cd1966510572c699d63019c22 + - 45bd11b58b48b8dedd2f07d9dfba95e6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1209,12 +1209,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:25.671+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:43.993+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 32a1bd99-ac2a-4a1a-8d00-24d3f75fe442 + - 04ff26be-771c-4381-863b-9fa3214e5861 Atl-Traceid: - - 32a1bd99ac2a4a1a8d0024d3f75fe442 + - 04ff26be771c4381863b9fa3214e5861 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1224,7 +1224,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:25 GMT + - Sat, 24 May 2025 10:33:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1234,7 +1234,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="n1OWV0tUBAWjaGlO57bRzrMpOWZvpU5RP-qE7a6G-r8Xp6EhI--z4g==",cdn-downstream-fbl;dur=255,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=252,atl-edge;dur=162,atl-edge-internal;dur=17,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=124,atl-edge;dur=116,atl-edge-internal;dur=14,atl-edge-upstream;dur=103,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="B5USSwlt4c3qhYOvQd3n3vjl4qp9LcBZIW4rd-WDirC2kob5yBjlpw==",cdn-downstream-fbl;dur=128 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1244,15 +1244,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - n1OWV0tUBAWjaGlO57bRzrMpOWZvpU5RP-qE7a6G-r8Xp6EhI--z4g== + - B5USSwlt4c3qhYOvQd3n3vjl4qp9LcBZIW4rd-WDirC2kob5yBjlpw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 739a41760d6b9f2a825c0e28e2c6e2e7 + - 543191dc061ce114d020d69d04c089c5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1278,19 +1278,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18213 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19668 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18213","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213","key":"NTEST-1859","fields":{"statuscategorychangedate":"2025-04-30T18:26:20.584+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19668","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668","key":"NTEST-2996","fields":{"statuscategorychangedate":"2025-05-24T12:33:40.438+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:20.337+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:20.404+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:40.182+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:40.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1298,14 +1298,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c1db045a-018a-4a52-92a2-409036a10be7 + - f964304b-9006-4201-8299-ad713da7abe8 Atl-Traceid: - - c1db045a018a4a5292a2409036a10be7 + - f964304b900642018299ad713da7abe8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1315,7 +1315,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:26 GMT + - Sat, 24 May 2025 10:33:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1325,7 +1325,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="iB53L0zaz61v386Cfr0sTXZEsZipf2zIfYmrUzUrASOzfqO_-ygzHA==",cdn-downstream-fbl;dur=351,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=349,atl-edge;dur=262,atl-edge-internal;dur=18,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=189,atl-edge-internal;dur=21,atl-edge-upstream;dur=169,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vY1xfggrTaqNFNaSfqqbVFcUTK3lnKyivh53ImdIaUmoiF4e82GtaQ==",cdn-downstream-fbl;dur=201 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1335,15 +1335,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8f3e5b5af450fbcfb7e821f6aa6b3d76.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - iB53L0zaz61v386Cfr0sTXZEsZipf2zIfYmrUzUrASOzfqO_-ygzHA== + - vY1xfggrTaqNFNaSfqqbVFcUTK3lnKyivh53ImdIaUmoiF4e82GtaQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - bbd41324b28a43c6cbf153dc4b2bf62b + - 47498cf756ced0e68d8fd2c13e782b05 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1381,9 +1381,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 769ba2bb-f4d6-4883-98e5-1ac0dbd63256 + - a34bf7d2-afde-4449-adfd-637c5447f614 Atl-Traceid: - - 769ba2bbf4d6488398e51ac0dbd63256 + - a34bf7d2afde4449adfd637c5447f614 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1393,7 +1393,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:26 GMT + - Sat, 24 May 2025 10:33:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1403,7 +1403,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="JWKNix31cL6qf36Vr4X1Xz7tbmw87K9qGalEQkL56ybGNK3uOPbkbw==",cdn-downstream-fbl;dur=377,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=374,atl-edge;dur=294,atl-edge-internal;dur=15,atl-edge-upstream;dur=279,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OrHQxZMmEqJ9gEDcMmPClzzhmrHKE8Z-Lj7_RyvZnaVEgekCAO9AQA==",cdn-downstream-fbl;dur=289,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=286,atl-edge;dur=260,atl-edge-internal;dur=17,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1413,18 +1413,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b6805b08a4af317938604723e3f3424a.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JWKNix31cL6qf36Vr4X1Xz7tbmw87K9qGalEQkL56ybGNK3uOPbkbw== + - OrHQxZMmEqJ9gEDcMmPClzzhmrHKE8Z-Lj7_RyvZnaVEgekCAO9AQA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4051b2ca5365264d3ba543b97db1a80c + - 9819a29f985f39aa7578e3a02a4c991d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1437,11 +1437,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1459,21 +1459,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18213 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19668 response: body: string: '' headers: Atl-Request-Id: - - 415f6770-febe-4317-9e6c-f9a706e1dfca + - e56a43d6-ba82-4f3a-8017-43dd9de8d13d Atl-Traceid: - - 415f6770febe43179e6cf9a706e1dfca + - e56a43d6ba824f3a801743dd9de8d13d Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1481,7 +1481,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:27 GMT + - Sat, 24 May 2025 10:33:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1491,7 +1491,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=297,atl-edge;dur=264,atl-edge-internal;dur=17,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qqMwi0FKwVJojZpr5SrHRIcFk0FaWX5IKDnRikTyKZXdAANzECdeSQ==",cdn-downstream-fbl;dur=303 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=269,atl-edge;dur=261,atl-edge-internal;dur=16,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="5utFD2zPyRE6-54ywCM-khjlt67s_VLi9VD1Z0sGybRWGM8ufETMcQ==",cdn-downstream-fbl;dur=273 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1499,15 +1499,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qqMwi0FKwVJojZpr5SrHRIcFk0FaWX5IKDnRikTyKZXdAANzECdeSQ== + - 5utFD2zPyRE6-54ywCM-khjlt67s_VLi9VD1Z0sGybRWGM8ufETMcQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - dbeca2f9206da89228a7df283a80777a + - 47f1cc286751f909ce870be19f962941 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1533,19 +1533,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18213 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19668 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18213","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213","key":"NTEST-1859","fields":{"statuscategorychangedate":"2025-04-30T18:26:20.584+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19668","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668","key":"NTEST-2996","fields":{"statuscategorychangedate":"2025-05-24T12:33:40.438+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:20.337+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:20.404+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:40.182+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:40.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1553,14 +1553,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - aef7925f-6618-4aab-abae-e0fc63091fd9 + - 7b07cf99-cb7e-4779-9bca-18afd3429b79 Atl-Traceid: - - aef7925f66184aababaee0fc63091fd9 + - 7b07cf99cb7e47799bca18afd3429b79 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1570,7 +1570,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:27 GMT + - Sat, 24 May 2025 10:33:45 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1580,7 +1580,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="C1NJUp_N1oEdiA6HfFHDnm9XEYQ28kr8wQIj4u0IGYAu1dUdSS4ryg==",cdn-downstream-fbl;dur=356,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=353,atl-edge;dur=260,atl-edge-internal;dur=17,atl-edge-upstream;dur=238,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=204,atl-edge;dur=197,atl-edge-internal;dur=17,atl-edge-upstream;dur=180,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7pR1fReQFroyv78tnQZzHKgjPgmj4Fk3bPUZYRfJTkL1u5CBBrERtQ==",cdn-downstream-fbl;dur=209 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1590,15 +1590,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - C1NJUp_N1oEdiA6HfFHDnm9XEYQ28kr8wQIj4u0IGYAu1dUdSS4ryg== + - 7pR1fReQFroyv78tnQZzHKgjPgmj4Fk3bPUZYRfJTkL1u5CBBrERtQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - a9e58127970ab73475c373dff430e9ad + - aa6bae7228b573bfc2627af71da329dd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1627,12 +1627,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:27.946+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:45.462+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 61bc5ec9-4b40-4215-bdb5-e352c098ba63 + - 3a488859-54d1-43c9-9021-8a8d8f803b9c Atl-Traceid: - - 61bc5ec94b404215bdb5e352c098ba63 + - 3a48885954d143c990218a8d8f803b9c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1642,7 +1642,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:27 GMT + - Sat, 24 May 2025 10:33:45 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1652,7 +1652,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=284,atl-edge;dur=155,atl-edge-internal;dur=15,atl-edge-upstream;dur=140,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="XpOJragWubM614xQm4U6HEE2x-qjO5R0w0xDOoCwZFKkiGvw0N4k4g==",cdn-downstream-fbl;dur=289 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=13,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="eRlpKYB0vqo26iJEoKqHdIZ6_nvl4HKTq8RRSVvxIWrTfZFBCYtVBA==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1662,15 +1662,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - XpOJragWubM614xQm4U6HEE2x-qjO5R0w0xDOoCwZFKkiGvw0N4k4g== + - eRlpKYB0vqo26iJEoKqHdIZ6_nvl4HKTq8RRSVvxIWrTfZFBCYtVBA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 45572c5a555e15a412ec4f807c62724a + - 1ae813c7bb4dcb9afbeaa0585034d1c0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1696,19 +1696,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18215 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19669 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18215","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215","key":"NTEST-1860","fields":{"statuscategorychangedate":"2025-04-30T18:26:23.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19669","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669","key":"NTEST-2997","fields":{"statuscategorychangedate":"2025-05-24T12:33:42.468+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:23.032+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:23.118+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:42.107+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010h3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:42.189+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/276]\n\n*Defect - Dojo link:* http://localhost:8080/finding/276 (276)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/311]\n\n*Defect + Dojo link:* http://localhost:8080/finding/311 (311)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1716,14 +1716,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 280761d2-a750-4c72-a058-0b80a99fc39d + - 037c4f22-1ec3-4e21-83f0-a1ef3e8fb107 Atl-Traceid: - - 280761d2a7504c72a0580b80a99fc39d + - 037c4f221ec34e2183f0a1ef3e8fb107 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1733,7 +1733,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:28 GMT + - Sat, 24 May 2025 10:33:45 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
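Review bot: The re-recorded response body in this hunk commits a maintainer's personal identifiers to the fixture: the `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`. The same values recur in the `@@ -1971,14 +1971,14 @@` hunk and in the `X-Aaccountid` response header of the neighbouring hunks. The old recording had the same exposure for a different account, so this is a property of how the cassettes are recorded rather than of this change alone. If these cassettes are recorded with vcrpy, a `before_record_response` hook could replace those fields with fixed placeholders such as `"emailAddress":"user@example.invalid"` before anything is written. That would also stop every re-recording from churning these lines. The `Auth` header echoed later in the file is already masked as `Token xxx`, so the same treatment for identity fields would be consistent.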
@@ -1743,7 +1743,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="ptEtbKXz75rhR0WchG2WTgSrYUCx8UlLp1t4Is0Kz8pSHxqZZjTb3w==",cdn-downstream-fbl;dur=353,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=350,atl-edge;dur=272,atl-edge-internal;dur=15,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=220,atl-edge;dur=212,atl-edge-internal;dur=16,atl-edge-upstream;dur=194,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="3mNcu6AQ6GODzRyZnr9eezcrYENJ6NyRr8QUFbBRa3t7KmbHi8CBhA==",cdn-downstream-fbl;dur=224 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1753,15 +1753,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ptEtbKXz75rhR0WchG2WTgSrYUCx8UlLp1t4Is0Kz8pSHxqZZjTb3w== + - 3mNcu6AQ6GODzRyZnr9eezcrYENJ6NyRr8QUFbBRa3t7KmbHi8CBhA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4f79d53299c59607e42582df70119dbf + - de50a3555e528fe04a8ab81d4e99b7ef X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1799,9 +1799,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 79d030cf-b999-4384-ba71-694f453dd756 + - fef2500c-8790-4c8f-81cc-95323aa5e838 Atl-Traceid: - - 79d030cfb9994384ba71694f453dd756 + - fef2500c87904c8f81cc95323aa5e838 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1811,7 +1811,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:28 GMT + - Sat, 24 May 2025 10:33:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1821,7 +1821,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="qclpvC3LofrFSP4lXTERNhmYk1Sld0cKhCB13Uq3yHbAMOgoMidyPw==",cdn-downstream-fbl;dur=371,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=369,atl-edge;dur=287,atl-edge-internal;dur=17,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-nkLcckjOM4pfENI8bAITnIrLanANUnqFVo3M3Eyoa9uQv_eXPY2Kw==",cdn-downstream-fbl;dur=311,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=308,atl-edge;dur=280,atl-edge-internal;dur=17,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1831,18 +1831,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qclpvC3LofrFSP4lXTERNhmYk1Sld0cKhCB13Uq3yHbAMOgoMidyPw== + - -nkLcckjOM4pfENI8bAITnIrLanANUnqFVo3M3Eyoa9uQv_eXPY2Kw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4a40190b7c3cc82e30bef8dfc3c5ed03 + - 545a057c14be3b4474c534690967e831 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1855,11 +1855,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/276]\n\n*Defect - Dojo link:* http://localhost:8080/finding/276 (276)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/311]\n\n*Defect + Dojo link:* http://localhost:8080/finding/311 (311)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1877,21 +1877,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18215 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19669 response: body: string: '' headers: Atl-Request-Id: - - e4929aae-e4af-44c4-82d2-98df35a775ef + - 9f71d410-11bd-4153-92bc-c186517a3d04 Atl-Traceid: - - e4929aaee4af44c482d298df35a775ef + - 9f71d41011bd415392bcc186517a3d04 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1899,7 +1899,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:29 GMT + - Sat, 24 May 2025 10:33:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1909,7 +1909,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=315,atl-edge;dur=282,atl-edge-internal;dur=15,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="5XFS8smFEoJqwhsiSGXmAAF9szaRHBgciLcXyXjZ16yYq1BFw2KZcw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=228,atl-edge;dur=220,atl-edge-internal;dur=15,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="x8APFYEAycRXqEZFthLtZHqDjHo1IqQceXfTI7OXGd9FQO6TIzQJRw==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1917,15 +1917,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 5XFS8smFEoJqwhsiSGXmAAF9szaRHBgciLcXyXjZ16yYq1BFw2KZcw== + - x8APFYEAycRXqEZFthLtZHqDjHo1IqQceXfTI7OXGd9FQO6TIzQJRw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 851fe8044d01128c792adaa7c562c8cc + - 67e12d805a3e9750fb8299ac43a2c865 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1951,19 +1951,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18215 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19669 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18215","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215","key":"NTEST-1860","fields":{"statuscategorychangedate":"2025-04-30T18:26:23.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19669","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669","key":"NTEST-2997","fields":{"statuscategorychangedate":"2025-05-24T12:33:42.468+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:23.032+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:23.118+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:42.107+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010h3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:42.189+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/276]\n\n*Defect - Dojo link:* http://localhost:8080/finding/276 (276)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/311]\n\n*Defect + Dojo link:* http://localhost:8080/finding/311 (311)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1971,14 +1971,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1860/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18215/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2997/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19669/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f35fd785-3bb1-4d2c-95a4-760c620e7605 + - 56faa38e-fb1c-4196-a172-53cc0f3b2747 Atl-Traceid: - - f35fd7853bb14d2c95a4760c620e7605 + - 56faa38efb1c4196a17253cc0f3b2747 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1988,7 +1988,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:29 GMT + - Sat, 24 May 2025 10:33:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1998,7 +1998,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=240,atl-edge-internal;dur=16,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="MQkoCru08o3uNmoGpNURLK8goAZgjMHUnIiH2oOPuq8LAed8xlnTRA==",cdn-downstream-fbl;dur=277 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=227,atl-edge;dur=220,atl-edge-internal;dur=18,atl-edge-upstream;dur=202,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rPzD2CaBLfMl3PQaLtHA1a9FSivh6KFNxcj4kyC9h5eZLFiSCqj91w==",cdn-downstream-fbl;dur=231 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2008,15 +2008,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MQkoCru08o3uNmoGpNURLK8goAZgjMHUnIiH2oOPuq8LAed8xlnTRA== + - rPzD2CaBLfMl3PQaLtHA1a9FSivh6KFNxcj4kyC9h5eZLFiSCqj91w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 4db13db0091bd347706d281a949f4045 + - b9b3ebd1fda96ad9b5fdfac42238e506 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2027,21 +2027,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 105, "url_ui": "http://localhost:8080/test/105", "url_api": "http://localhost:8080/api/v2/tests/105/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 275, "title": "Zap1: Cookie Without Secure Flag", "severity": - "Low", "url_ui": "http://localhost:8080/finding/275", "url_api": "http://localhost:8080/api/v2/findings/275/"}, - {"id": 276, "title": "Zap2: Cookie Without Secure Flag", "severity": "Low", - "url_ui": "http://localhost:8080/finding/276", "url_api": "http://localhost:8080/api/v2/findings/276/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -2052,11 +2038,11 @@ interactions: Connection: - keep-alive Content-Length: - - '1321' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
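Review bot: The recorded webhook request for the `scan_added_empty` event now has the body `'"scan_added.tpl"'` with `Content-Length: '16'` in the following hunk, where the previous recording held the full 1321-byte JSON event with product, engagement, test and findings. That looks like the template name was serialized in place of the rendered payload, although from the cassette alone it could also be a deliberate stub in the test setup. Please confirm which it is before committing the recording. As recorded, replay would pin a payload that no receiver can act on, and the test no longer covers the fields the webhook is meant to deliver. If the payload is intended to be the rendered JSON, re-record once rendering is fixed and assert on at least `finding_count` and the `findings` keys in the test.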
@@ -2068,64 +2054,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"1321\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:60454\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: ZAP Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 105, \\\"url_ui\\\": \\\"http://localhost:8080/test/105\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/105/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 275, \\\"title\\\": \\\"Zap1: Cookie - Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/275\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/275/\\\"}, {\\\"id\\\": - 276, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", \\\"severity\\\": - \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/276\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/276/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 275,\n \"severity\": - \"Low\",\n \"title\": \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/275/\",\n \"url_ui\": \"http://localhost:8080/finding/275\"\n - \ },\n {\n \"id\": 276,\n \"severity\": \"Low\",\n - \ \"title\": \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/276/\",\n \"url_ui\": \"http://localhost:8080/finding/276\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 105,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/105/\",\n - \ \"url_ui\": \"http://localhost:8080/test/105\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/105/\",\n - \ \"url_ui\": \"http://localhost:8080/test/105\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:33068\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:29 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:33:45 GMT status: code: 200 message: OK 
@@ -2148,12 +2095,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:30.155+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:47.020+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 84d244f6-237a-443e-920e-17e5e7171743 + - 63efa4cd-655d-4b72-b57f-5fe7ae05ed05 Atl-Traceid: - - 84d244f6237a443e920e17e5e7171743 + - 63efa4cd655d4b72b57f5fe7ae05ed05 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2163,7 +2110,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:30 GMT + - Sat, 24 May 2025 10:33:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2173,7 +2120,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="vdbxpSdNJ4mWzQgeJFtreS5ROhmrVQ0FcCaFBp0eaylA6kXVjnpyOg==",cdn-downstream-fbl;dur=260,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=258,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=105,atl-edge;dur=98,atl-edge-internal;dur=13,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ai_98RCanoj9BAUtb0pvUVu54uQQ5ZULDU_xxCgZ9C8eWP9sNM4X7A==",cdn-downstream-fbl;dur=111 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2183,15 +2130,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82e46a17c2e4998f87de230e61a57612.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vdbxpSdNJ4mWzQgeJFtreS5ROhmrVQ0FcCaFBp0eaylA6kXVjnpyOg== + - ai_98RCanoj9BAUtb0pvUVu54uQQ5ZULDU_xxCgZ9C8eWP9sNM4X7A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 728ccd4a2b2575d8af9fca57ea366729 + - d322ce9e3c91b2759bb9546e53cf79a6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2217,19 +2164,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18213 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19668 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18213","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213","key":"NTEST-1859","fields":{"statuscategorychangedate":"2025-04-30T18:26:20.584+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19668","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668","key":"NTEST-2996","fields":{"statuscategorychangedate":"2025-05-24T12:33:40.438+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:20.337+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:20.404+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:40.182+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010gv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:40.248+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/275]\n\n*Defect - Dojo link:* http://localhost:8080/finding/275 (275)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/310]\n\n*Defect + Dojo link:* http://localhost:8080/finding/310 (310)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/105]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/112]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -2237,14 +2184,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1859/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18213/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2996/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19668/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 6e4ec227-33ec-4e9e-85d6-b688cb302075 + - 89e7e20e-4e8c-45da-9484-c28c3baa4c37 Atl-Traceid: - - 6e4ec22733ec4e9e85d6b688cb302075 + - 89e7e20e4e8c45da9484c28c3baa4c37 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2254,7 +2201,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:30 GMT + - Sat, 24 May 2025 10:33:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
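Review bot: The response body recorded in this hunk commits a maintainer's `emailAddress`, `accountId` and gravatar hash under both `creator` and `reporter`, and the same account id recurs in the `X-Aaccountid` response header in the header hunks of this cassette and the next one. The webhook echo earlier in the cassette shows the auth token already masked as `Token xxx`, so the recording setup presumably has a scrubbing step; extending it to these fields would keep personal identifiers out of the repository. With vcrpy that means a `before_record_response` callback that swaps the values for fixed placeholders, since `filter_headers` covers request headers only. The old side held the same fields for a different account, so the exposure predates this commit, but each re-recording adds another identity to history.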
@@ -2264,7 +2211,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="l43kmyOBFzqV_L1kT69a0RoM2BdKSXEivV-STjKz5oAAZR_XZ9Yl6g==",cdn-downstream-fbl;dur=379,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=376,atl-edge;dur=289,atl-edge-internal;dur=15,atl-edge-upstream;dur=274,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=209,atl-edge-internal;dur=15,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fJld8b2XIcLkDGtVxIdsROvZ61Lwjt12Ammh8f__045Cq-p77vKX5w==",cdn-downstream-fbl;dur=220 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2274,15 +2221,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - l43kmyOBFzqV_L1kT69a0RoM2BdKSXEivV-STjKz5oAAZR_XZ9Yl6g== + - fJld8b2XIcLkDGtVxIdsROvZ61Lwjt12Ammh8f__045Cq-p77vKX5w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4e0cd3dac3b817ed9d2c38330759f53c + - 96ff16ba196d56ec602966242b14e052 X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml index c6da1970b6b..fa0c8ee2b3d 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:31.008+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:47.577+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 01530f16-5967-42b4-9911-c8ab83696d6d + - 4fd1cae5-044a-45d1-a3c6-9b39abdc9bf2 Atl-Traceid: - - 01530f16596742b49911c8ab83696d6d + - 4fd1cae5044a45d1a3c69b39abdc9bf2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:31 GMT + - Sat, 24 May 2025 10:33:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=206,atl-edge;dur=173,atl-edge-internal;dur=19,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="33qzOI_AnTvKkWkrT_wcUETwkcWwfMOHZfsUa-8QEpnHhShRxBt7OA==",cdn-downstream-fbl;dur=210 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=108,atl-edge;dur=100,atl-edge-internal;dur=16,atl-edge-upstream;dur=84,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="JkqXiyf5PNaZetKiKLGdm0Kh6x8qkQ_YRWzbTBC_3wLBF2y6XmhCVQ==",cdn-downstream-fbl;dur=112 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 33qzOI_AnTvKkWkrT_wcUETwkcWwfMOHZfsUa-8QEpnHhShRxBt7OA== + - JkqXiyf5PNaZetKiKLGdm0Kh6x8qkQ_YRWzbTBC_3wLBF2y6XmhCVQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - bba2423e8f618de0d468864f86afcfa0 + - c8931491bf6fe4ee81595380f5ee33cc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c599a53e-41f7-4e38-bf8e-f34c581a067e + - 95967c8e-2292-46f1-8df0-7cefb9641ed6 Atl-Traceid: - - c599a53e41f74e38bf8ef34c581a067e + - 95967c8e229246f18df07cefb9641ed6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:31 GMT + - Sat, 24 May 2025 10:33:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=291,atl-edge-internal;dur=17,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="_3HqYM8EmNdU5hidWX-Kg5JZwzb1vxaUn-VFpPhBIL-GR9-kxDCC9g==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=237,atl-edge;dur=230,atl-edge-internal;dur=13,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HVD7hVo-wsB7PnXdDJ0IiuqssQTXisGHQXPsyaj_qfQKNs091WeQKw==",cdn-downstream-fbl;dur=241 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _3HqYM8EmNdU5hidWX-Kg5JZwzb1vxaUn-VFpPhBIL-GR9-kxDCC9g== + - HVD7hVo-wsB7PnXdDJ0IiuqssQTXisGHQXPsyaj_qfQKNs091WeQKw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 0eeff82e0bc4308092e66a1f43511d46 + - dc3289db94c8ba5c8346498a00195da4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/277]\n\n*Defect - Dojo link:* http://localhost:8080/finding/277 (277)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/312]\n\n*Defect + Dojo link:* http://localhost:8080/finding/312 (312)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/113]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18217","key":"NTEST-1861","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18217"}' + string: '{"id":"19670","key":"NTEST-2998","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19670"}' headers: Atl-Request-Id: - - 1d99461d-f272-45d1-8833-3d76882673e7 + - efdb09dd-55cb-4c69-8b58-85ff14bf743c Atl-Traceid: - - 1d99461df27245d188333d76882673e7 + - efdb09dd55cb4c698b5885ff14bf743c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:32 GMT + - Sat, 24 May 2025 10:33:48 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=714,atl-edge;dur=681,atl-edge-internal;dur=18,atl-edge-upstream;dur=664,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ztTQ-ctg7NCiG_eGRvbVVrLk4Cw1_2Mxt4bWBch9EN6zHCZ5lkcaRg==",cdn-downstream-fbl;dur=719 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TOVlzjQvgREcDBEBGkR4c-JV_uAgshMKJ0rM-B5ODLuTPjRGQa9TmA==",cdn-downstream-fbl;dur=802,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=790,atl-edge;dur=761,atl-edge-internal;dur=16,atl-edge-upstream;dur=745,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ztTQ-ctg7NCiG_eGRvbVVrLk4Cw1_2Mxt4bWBch9EN6zHCZ5lkcaRg== + - TOVlzjQvgREcDBEBGkR4c-JV_uAgshMKJ0rM-B5ODLuTPjRGQa9TmA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 40de517a97ddf8b23a54bf5887295e6f + - 2652199fbd6bde797a2a32721c726a21 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
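Review bot: The re-recorded cassette commits the recording user's Atlassian identity to the repository, starting with the `X-Aaccountid` response header in this hunk. The response bodies in the hunks at `-273,14` and `-364,14` also carry that user's `accountId`, `emailAddress`, `displayName` and gravatar hash in the `creator` and `reporter` objects. The old recording had the same problem with a different account, so each re-record swaps one person's details for another's instead of removing them. If these cassettes are recorded with vcrpy (the layout suggests so), a scrubbing hook at record time would keep the fixtures replayable without the personal data, e.g. `before_record_response=scrub_identity`, where `scrub_identity` is a constructed name for a function that drops `X-Aaccountid` and replaces those body fields with fixed placeholders. This assumes no test asserts on the real values, which is worth confirming before re-recording.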
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1861 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2998 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18217","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18217","key":"NTEST-1861","fields":{"statuscategorychangedate":"2025-04-30T18:26:32.267+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19670","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19670","key":"NTEST-2998","fields":{"statuscategorychangedate":"2025-05-24T12:33:48.629+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1861/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:31.972+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:32.056+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2998/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:48.306+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:48.386+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/277]\n\n*Defect - Dojo link:* http://localhost:8080/finding/277 (277)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/312]\n\n*Defect + Dojo link:* http://localhost:8080/finding/312 (312)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/113]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1861/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18217/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2998/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19670/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 84133189-8b43-411f-8622-4e6e165f1135 + - 676cdde3-17f5-4a7f-a5ba-9fe3ae92d37f Atl-Traceid: - - 841331898b43411f86224e6e165f1135 + - 676cdde317f54a7fa5ba9fe3ae92d37f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:32 GMT + - Sat, 24 May 2025 10:33:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="wpuoL9b3C_v9Op6yd3lOezGLnbJUuvzqJDaaomnkbkwZiU9SVnAtJA==",cdn-downstream-fbl;dur=359,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=356,atl-edge;dur=283,atl-edge-internal;dur=18,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=224,atl-edge-internal;dur=15,atl-edge-upstream;dur=209,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2E7agzqjLhacQeeA7DTU9uISD-UaQSpehEnbxSg3npbcRPpH55gyQw==",cdn-downstream-fbl;dur=235 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8dac9acbf37a4821f35529f7cc336eba.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wpuoL9b3C_v9Op6yd3lOezGLnbJUuvzqJDaaomnkbkwZiU9SVnAtJA== + - 2E7agzqjLhacQeeA7DTU9uISD-UaQSpehEnbxSg3npbcRPpH55gyQw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 18ab57502c304664fcf16f8c7f5af2de + - 66db9cfa2c5be634cb24d3db22c01c54 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18217 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19670 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18217","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18217","key":"NTEST-1861","fields":{"statuscategorychangedate":"2025-04-30T18:26:32.267+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19670","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19670","key":"NTEST-2998","fields":{"statuscategorychangedate":"2025-05-24T12:33:48.629+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1861/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:31.972+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t3z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:32.056+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2998/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:48.306+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:48.386+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/277]\n\n*Defect - Dojo link:* http://localhost:8080/finding/277 (277)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/312]\n\n*Defect + Dojo link:* http://localhost:8080/finding/312 (312)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/113]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1861/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18217/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2998/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19670/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - de450034-a500-46cc-a2d7-055f42f07936 + - ac605801-dd1a-4508-90b0-fd7e62fa5555 Atl-Traceid: - - de450034a50046cca2d7055f42f07936 + - ac605801dd1a450890b0fd7e62fa5555 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:33 GMT + - Sat, 24 May 2025 10:33:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="KfN59_JAx_B35F8EMoeq5k5wmLqHGPFGyVUPWd5U7BS6DbPNuE8lOA==",cdn-downstream-fbl;dur=286,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=261,atl-edge-internal;dur=21,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4wCtke7DQPhLmmJBAwWif9czfkN5VVgSzzQLjOPXZ3SUDT9YWcF0uw==",cdn-downstream-fbl;dur=244,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=242,atl-edge;dur=216,atl-edge-internal;dur=15,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KfN59_JAx_B35F8EMoeq5k5wmLqHGPFGyVUPWd5U7BS6DbPNuE8lOA== + - 4wCtke7DQPhLmmJBAwWif9czfkN5VVgSzzQLjOPXZ3SUDT9YWcF0uw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 36d4da27f5232aa4dedb3f947e6d0d0a + - 6ffde7a96becdd3dda12ee6030b9f71d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:33.570+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:49.637+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 89e88d8f-b936-4722-9f9d-30995cb2b229 + - 9122a4df-e390-4eb6-9526-4e1bc43bbc90 Atl-Traceid: - - 89e88d8fb93647229f9d30995cb2b229 + - 9122a4dfe3904eb695264e1bc43bbc90 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:33 GMT + - Sat, 24 May 2025 10:33:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=159,atl-edge-internal;dur=17,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ZEye5TqHaBujlRYovfcnONDWGgDkuEXxaQ6DOaBAxeyvQ75KcNvInA==",cdn-downstream-fbl;dur=196 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mr7Jiqddi3a-1eeB7x6hbUc6VjTWGFFWutxP-WLIe_GJi1sHpFNz4w==",cdn-downstream-fbl;dur=131,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=129,atl-edge;dur=98,atl-edge-internal;dur=15,atl-edge-upstream;dur=84,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZEye5TqHaBujlRYovfcnONDWGgDkuEXxaQ6DOaBAxeyvQ75KcNvInA== + - mr7Jiqddi3a-1eeB7x6hbUc6VjTWGFFWutxP-WLIe_GJi1sHpFNz4w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 631f35d0368de06f3f164dbfab48dfd5 + - 14cfbd7a9344631f67dfecfb611858b5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f12eb223-d67b-44d2-a622-2da034785d08 + - fd7b332a-5cfc-4f4d-b43d-5b922140f3c5 Atl-Traceid: - - f12eb223d67b44d2a6222da034785d08 + - fd7b332a5cfc4f4db43d5b922140f3c5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:34 GMT + - Sat, 24 May 2025 10:33:50 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=290,atl-edge-internal;dur=15,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="elYVO7376cQnKBO2sRlSYyIdLqaoiOchZLNWAYePF499KZSELZqCWw==",cdn-downstream-fbl;dur=327 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=267,atl-edge-internal;dur=17,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ptJaUJ_0jIkJfwQmGS1wWMbaHhMfetLIcelqgoSH9rQxwIoBGg8KSA==",cdn-downstream-fbl;dur=278 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ae39d1ac6bb931d0ff3d636fc3e249de.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - elYVO7376cQnKBO2sRlSYyIdLqaoiOchZLNWAYePF499KZSELZqCWw== + - ptJaUJ_0jIkJfwQmGS1wWMbaHhMfetLIcelqgoSH9rQxwIoBGg8KSA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e034365f0ea717476308a93f67e30270 + - 2c56c8be10e22e31190a6b62a1e1e347 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/278]\n\n*Defect - Dojo link:* http://localhost:8080/finding/278 (278)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/313]\n\n*Defect + Dojo link:* http://localhost:8080/finding/313 (313)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/113]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18219","key":"NTEST-1862","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18219"}' + string: '{"id":"19671","key":"NTEST-2999","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19671"}' headers: Atl-Request-Id: - - 5bb727ee-f227-4a8c-b64b-6ac2f7a0bcb2 + - c14803a7-faf1-4243-84e9-e942da55bb67 Atl-Traceid: - - 5bb727eef2274a8cb64b6ac2f7a0bcb2 + - c14803a7faf1424384e9e942da55bb67 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:34 GMT + - Sat, 24 May 2025 10:33:50 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=628,atl-edge;dur=595,atl-edge-internal;dur=16,atl-edge-upstream;dur=579,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mRBxxC4DR9yZ7HVnqHIu9aGL5DDR9dxM6OjjZ6q3Oup1-z0J03aldw==",cdn-downstream-fbl;dur=633 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=756,atl-edge;dur=748,atl-edge-internal;dur=15,atl-edge-upstream;dur=733,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pVdmiuEzBlgO2XGxOBZ3iCGI5f2syHab1BjhOgEKkOdgDWas70i8qA==",cdn-downstream-fbl;dur=760 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mRBxxC4DR9yZ7HVnqHIu9aGL5DDR9dxM6OjjZ6q3Oup1-z0J03aldw== + - pVdmiuEzBlgO2XGxOBZ3iCGI5f2syHab1BjhOgEKkOdgDWas70i8qA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5687439c7982709dcd0aea6f8887026a + - dbf508945d4d66a8f23be6b6b8a3767f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1862 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2999 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18219","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18219","key":"NTEST-1862","fields":{"statuscategorychangedate":"2025-04-30T18:26:34.670+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19671","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19671","key":"NTEST-2999","fields":{"statuscategorychangedate":"2025-05-24T12:33:50.727+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1862/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:34.415+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t47:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:34.499+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2999/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:50.402+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:50.492+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/278]\n\n*Defect - Dojo link:* http://localhost:8080/finding/278 (278)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/313]\n\n*Defect + Dojo link:* http://localhost:8080/finding/313 (313)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/113]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1862/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18219/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2999/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19671/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 389ad2e6-cca9-4178-93f1-383df24e9097 + - cb1c25c8-ff1b-4371-8613-33f34252b4c1 Atl-Traceid: - - 389ad2e6cca9417893f1383df24e9097 + - cb1c25c8ff1b4371861333f34252b4c1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:35 GMT + - Sat, 24 May 2025 10:33:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=286,atl-edge;dur=253,atl-edge-internal;dur=15,atl-edge-upstream;dur=237,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="MtVyPeMXLFanpCAcJNMSQ0ib2JFImsm5t0oeI86anDRzD5OIB09Omw==",cdn-downstream-fbl;dur=293 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=186,atl-edge-internal;dur=15,atl-edge-upstream;dur=171,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="3CVRPNUNnLl_HLTvL4ZO1HD4ddFCvaWVAWtp0dLSH8-AzxOJouYSag==",cdn-downstream-fbl;dur=198 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MtVyPeMXLFanpCAcJNMSQ0ib2JFImsm5t0oeI86anDRzD5OIB09Omw== + - 3CVRPNUNnLl_HLTvL4ZO1HD4ddFCvaWVAWtp0dLSH8-AzxOJouYSag== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 172000e178bd9eb2bfb144798a201a3b + - 6908fafcaf512922086078526d6b9c5e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18219 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19671 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18219","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18219","key":"NTEST-1862","fields":{"statuscategorychangedate":"2025-04-30T18:26:34.670+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19671","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19671","key":"NTEST-2999","fields":{"statuscategorychangedate":"2025-05-24T12:33:50.727+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1862/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:34.415+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t47:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:34.499+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2999/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:50.402+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:50.492+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/278]\n\n*Defect - Dojo link:* http://localhost:8080/finding/278 (278)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/313]\n\n*Defect + Dojo link:* http://localhost:8080/finding/313 (313)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/106]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/113]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1862/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18219/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-2999/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19671/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - cd9c821a-4c2c-4291-b726-c82096678682 + - 24fd1e99-fdb3-4785-ab27-87f8300ff52d Atl-Traceid: - - cd9c821a4c2c4291b726c82096678682 + - 24fd1e99fdb34785ab2787f8300ff52d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:35 GMT + - Sat, 24 May 2025 10:33:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
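Review bot: The re-recorded Jira response body in this hunk commits a real person's `emailAddress`, `accountId` and `displayName` to the cassette, and the header hunk at `@@ -821,15 +821,15 @@` repeats the same account id in `X-Aaccountid`. The removed lines held the same kind of data for a different account, so this looks like a gap in the recording setup rather than something this commit introduced. The webhook echoes further down already show a masked `Token xxx` value, and the same treatment could be applied to these fields at record time, for example by rewriting them to constructed values such as `"emailAddress":"user@example.com"` in a response-scrubbing hook (vcrpy's `before_record_response`, if that is the recorder in use). The response body starts before this hunk, so other fields in it may need the same check.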
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="83Mx9edUaVHqalPIxMrDC_rmjL-AOv-gSNdnLk8Q_BGlyQrg5Cec9w==",cdn-downstream-fbl;dur=358,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=355,atl-edge;dur=281,atl-edge-internal;dur=18,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=245,atl-edge;dur=239,atl-edge-internal;dur=17,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Acv_FzAE0rV3VSMZlI89_tXMh7NgKC5575_YLfTzmT8bzCC9CBwMqQ==",cdn-downstream-fbl;dur=250 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f266ac47d4aee3a84c8fc38a6ef92022.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 83Mx9edUaVHqalPIxMrDC_rmjL-AOv-gSNdnLk8Q_BGlyQrg5Cec9w== + - Acv_FzAE0rV3VSMZlI89_tXMh7NgKC5575_YLfTzmT8bzCC9CBwMqQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6d2d77f637ca8dfce41b778eeeb086d5 + - fcb9ed8c599b2ddff4dd0cd49103fe4b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/", + "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 106, "url_ui": "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/"}}' + 113, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:60460\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33080\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/106/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 106, \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/106/\\\"}}\",\n \"files\": + null, \\\"id\\\": 113, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 106,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n - \ \"url_ui\": \"http://localhost:8080/test/106\"\n },\n \"title\": + 113,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n + \ \"url_ui\": \"http://localhost:8080/test/113\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n \"url_ui\": - \"http://localhost:8080/test/106\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n \"url_ui\": + \"http://localhost:8080/test/113\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:35 GMT + - Sat, 24 May 2025 10:33:49 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/", + "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 106, "url_ui": "http://localhost:8080/test/106", "url_api": "http://localhost:8080/api/v2/tests/106/"}, - "finding_count": 2, "findings": {"new": [{"id": 277, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/277", - "url_api": "http://localhost:8080/api/v2/findings/277/"}, {"id": 278, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/278", - "url_api": "http://localhost:8080/api/v2/findings/278/"}], "reactivated": [], + 113, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/"}, + "finding_count": 2, "findings": {"new": [{"id": 312, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/312", + "url_api": "http://localhost:8080/api/v2/findings/312/"}, {"id": 313, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/313", + "url_api": "http://localhost:8080/api/v2/findings/313/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:60464\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33092\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/106/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/113/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 106, \\\"url_ui\\\": \\\"http://localhost:8080/test/106\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/106/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 277, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 113, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 312, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/277\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/277/\\\"}, - {\\\"id\\\": 278, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/278\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/278/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/312\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/312/\\\"}, + {\\\"id\\\": 313, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/313\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/313/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 277,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/277/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/277\"\n },\n - \ {\n \"id\": 278,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/278/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/278\"\n }\n ],\n + \ \"id\": 312,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/312/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/312\"\n },\n + \ {\n \"id\": 313,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/313/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/313\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 106,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n - \ \"url_ui\": \"http://localhost:8080/test/106\"\n },\n \"title\": + 113,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n + \ \"url_ui\": \"http://localhost:8080/test/113\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/106/\",\n - \ \"url_ui\": \"http://localhost:8080/test/106\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n + \ \"url_ui\": \"http://localhost:8080/test/113\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:35 GMT + - Sat, 24 May 2025 10:33:49 GMT Transfer-Encoding: - chunked status: 
@@ -1030,14 +1030,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/", + "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 107, "url_ui": "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/"}}' + 114, "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/"}}' headers: Accept: - application/json @@ -1052,7 +1052,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1066,13 +1066,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:60474\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33108\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/107/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/114/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -1080,8 +1080,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 107, \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/107/\\\"}}\",\n \"files\": + null, \\\"id\\\": 114, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/114/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1091,11 +1091,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 107,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n - \ \"url_ui\": \"http://localhost:8080/test/107\"\n },\n \"title\": + 114,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n + \ \"url_ui\": \"http://localhost:8080/test/114\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n \"url_ui\": - \"http://localhost:8080/test/107\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n \"url_ui\": + \"http://localhost:8080/test/114\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -1104,7 +1104,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:35 GMT + - Sat, 24 May 2025 10:33:50 GMT Transfer-Encoding: - chunked status: 
@@ -1113,19 +1113,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/", + "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 107, "url_ui": "http://localhost:8080/test/107", "url_api": "http://localhost:8080/api/v2/tests/107/"}, - "finding_count": 2, "findings": {"new": [{"id": 279, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/279", - "url_api": "http://localhost:8080/api/v2/findings/279/"}, {"id": 280, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/280", - "url_api": "http://localhost:8080/api/v2/findings/280/"}], "reactivated": [], + 114, "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/"}, + "finding_count": 2, "findings": {"new": [{"id": 314, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/314", + "url_api": "http://localhost:8080/api/v2/findings/314/"}, {"id": 315, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/315", + "url_api": "http://localhost:8080/api/v2/findings/315/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -1141,7 +1141,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1155,51 +1155,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:60484\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33118\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/107/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/114/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 107, \\\"url_ui\\\": \\\"http://localhost:8080/test/107\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/107/\\\"}, \\\"finding_count\\\": - 
2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 279, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 114, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/114/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 314, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/279\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/279/\\\"}, - {\\\"id\\\": 280, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/280\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/280/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/314\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/314/\\\"}, + {\\\"id\\\": 315, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/315\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/315/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 279,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/279/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/279\"\n },\n - \ {\n \"id\": 280,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/280/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/280\"\n }\n ],\n + \ \"id\": 314,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/314/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/314\"\n },\n + \ {\n \"id\": 315,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/315/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/315\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 107,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n - \ \"url_ui\": \"http://localhost:8080/test/107\"\n },\n \"title\": + 114,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n + \ \"url_ui\": \"http://localhost:8080/test/114\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/107/\",\n - \ \"url_ui\": \"http://localhost:8080/test/107\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n + \ \"url_ui\": \"http://localhost:8080/test/114\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1209,7 +1209,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:35 GMT + - Sat, 24 May 2025 10:33:50 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml index 6a5456bbab2..4c96c314aa7 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_twice_push_to_jira_push_all_issues.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:36.261+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:52.030+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 7a0551b6-946d-419c-bc65-2b9c9a2c9bfd + - 56af21d4-8af3-4d65-ab31-3fdc7a8554f3 Atl-Traceid: - - 7a0551b6946d419cbc652b9c9a2c9bfd + - 56af21d48af34d65ab313fdc7a8554f3 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:36 GMT + - Sat, 24 May 2025 10:33:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="vYYiJTj2v2iBq_5ZsWzy835YSJzIJZv9yefMPHfWDG0jcZ00zBMVjg==",cdn-downstream-fbl;dur=259,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=257,atl-edge;dur=183,atl-edge-internal;dur=16,atl-edge-upstream;dur=169,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=104,atl-edge-internal;dur=16,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="LdNouQep0gP7yKCyQA7qw11lyXzb2M40o6f6DbGcaiNOEK_HQ6nMPQ==",cdn-downstream-fbl;dur=115 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b1383a69c949c8987c982636bd26b4f2.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vYYiJTj2v2iBq_5ZsWzy835YSJzIJZv9yefMPHfWDG0jcZ00zBMVjg== + - LdNouQep0gP7yKCyQA7qw11lyXzb2M40o6f6DbGcaiNOEK_HQ6nMPQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - e3d2bcfd30939b8ac27ac28e2a9c4703 + - f56d56d83c68989bafa988085701c056 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 02ccaae6-ccd6-4b6f-a10d-0fe93b9f529e + - c04ee6e6-b23c-4790-b228-35f1e47b7ca5 Atl-Traceid: - - 02ccaae6ccd64b6fa10d0fe93b9f529e + - c04ee6e6b23c4790b22835f1e47b7ca5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:36 GMT + - Sat, 24 May 2025 10:33:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="UCx60FwDcmhvomLKzoYubCsj0qLcsT2WsZB8TiJgBqwRGmI2v6Dggw==",cdn-downstream-fbl;dur=419,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=417,atl-edge;dur=331,atl-edge-internal;dur=15,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=258,atl-edge-internal;dur=15,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4ES7akJwv5GKzFwtoEg9YO9hhNfM2GCfOmlpdpqMkZBKbj-UaPHYVw==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2bdfafaaaec33c116889588ecd9de280.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - UCx60FwDcmhvomLKzoYubCsj0qLcsT2WsZB8TiJgBqwRGmI2v6Dggw== + - 4ES7akJwv5GKzFwtoEg9YO9hhNfM2GCfOmlpdpqMkZBKbj-UaPHYVw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - ae0c2dc70feab6914d452a5712631abe + - f8be9ff639a8b9d4907582782f3dea2b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/281]\n\n*Defect - Dojo link:* http://localhost:8080/finding/281 (281)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/316]\n\n*Defect + Dojo link:* http://localhost:8080/finding/316 (316)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/115]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18221","key":"NTEST-1863","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18221"}' + string: '{"id":"19672","key":"NTEST-3000","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19672"}' headers: Atl-Request-Id: - - fe47709d-2bda-49a6-aa45-3c49c693fb96 + - 02f8b477-dbc2-4c1f-a557-ed18c3d0e934 Atl-Traceid: - - fe47709d2bda49a6aa453c49c693fb96 + - 02f8b477dbc24c1fa557ed18c3d0e934 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:37 GMT + - Sat, 24 May 2025 10:33:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="cY4gya-nhS2Tlemszuepji_Ofj2dzDLMHJai2vctN8-2MGRXiKllZw==",cdn-downstream-fbl;dur=718,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=716,atl-edge;dur=629,atl-edge-internal;dur=17,atl-edge-upstream;dur=611,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=704,atl-edge;dur=697,atl-edge-internal;dur=15,atl-edge-upstream;dur=682,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6XDOqTCkThtGCLX4EDc48ilMgMcRwCeoZASsVxTnQkTosw8Jv3-lCQ==",cdn-downstream-fbl;dur=708 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 595c26368a4c8eede29e4b5da7206efc.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cY4gya-nhS2Tlemszuepji_Ofj2dzDLMHJai2vctN8-2MGRXiKllZw== + - 6XDOqTCkThtGCLX4EDc48ilMgMcRwCeoZASsVxTnQkTosw8Jv3-lCQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 2dedd0b19f34365bbfb2f597a0aea9ed + - 1b15a30ebf659c9d8b0217096e32235c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1863 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3000 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18221","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18221","key":"NTEST-1863","fields":{"statuscategorychangedate":"2025-04-30T18:26:37.720+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19672","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19672","key":"NTEST-3000","fields":{"statuscategorychangedate":"2025-05-24T12:33:53.091+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1863/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:37.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t4f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:37.515+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3000/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:52.781+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:52.860+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/281]\n\n*Defect - Dojo link:* http://localhost:8080/finding/281 (281)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/316]\n\n*Defect + Dojo link:* http://localhost:8080/finding/316 (316)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/115]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1863/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18221/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3000/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19672/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ec07c594-3cc6-478b-b3f3-3ce1ec9ad3e9 + - 30379b88-e3d2-4daa-a7c9-2a3132fc4491 Atl-Traceid: - - ec07c5943cc6478bb3f33ce1ec9ad3e9 + - 30379b88e3d24daaa7c92a3132fc4491 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:38 GMT + - Sat, 24 May 2025 10:33:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
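Review bot: The re-recorded response body in the `@@ -273,14 +273,14 @@` hunk commits a maintainer's `emailAddress`, `accountId` and Gravatar hash inside the `creator` and `reporter` objects, and the `X-Aaccountid` response header repeats the same account id in the neighbouring header hunks of this cassette. The tests presumably do not depend on these values, so they could be scrubbed at record time, for example with a vcrpy `before_record_response` hook that rewrites them to a placeholder such as `"emailAddress":"redacted@example.invalid"`. A token value already appears as `Token xxx` in the webhook cassette, which suggests some scrubbing is in place and could be extended to these fields. The previous recording held the same fields for a different account, so this is an existing pattern, but each re-record adds another identity to the repository history.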
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="w6FmFiJclnnXzqdccqtX4NUr_AFt-SUjEtXwT5acJ-degIWmucjFXw==",cdn-downstream-fbl;dur=349,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=347,atl-edge;dur=264,atl-edge-internal;dur=18,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=263,atl-edge;dur=256,atl-edge-internal;dur=38,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dsUdH82uc0-LpYFU0TyOXfZ0-mEn7v_IZOwTH5WawZdV_4d1sur3Kg==",cdn-downstream-fbl;dur=267 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9b5b156d64ffeaa3e7df806f8b45cd5c.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - w6FmFiJclnnXzqdccqtX4NUr_AFt-SUjEtXwT5acJ-degIWmucjFXw== + - dsUdH82uc0-LpYFU0TyOXfZ0-mEn7v_IZOwTH5WawZdV_4d1sur3Kg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - c833a461c21627f26e0e3b931ff4c497 + - 044457212df5267b09e5aea082c6aae0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18221 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19672 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18221","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18221","key":"NTEST-1863","fields":{"statuscategorychangedate":"2025-04-30T18:26:37.720+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19672","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19672","key":"NTEST-3000","fields":{"statuscategorychangedate":"2025-05-24T12:33:53.091+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1863/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:37.431+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t4f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:37.515+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3000/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:52.781+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:52.860+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/281]\n\n*Defect - Dojo link:* http://localhost:8080/finding/281 (281)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/316]\n\n*Defect + Dojo link:* http://localhost:8080/finding/316 (316)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/115]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1863/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18221/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3000/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19672/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 30d20b08-1a84-4e37-af83-7b2775c001a2 + - 627402ef-b113-4936-9c81-252cd5c9f8a5 Atl-Traceid: - - 30d20b081a844e37af837b2775c001a2 + - 627402efb11349369c81252cd5c9f8a5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:38 GMT + - Sat, 24 May 2025 10:33:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=331,atl-edge;dur=299,atl-edge-internal;dur=20,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6zYF3imx1buvbI85y13rw9LousClOoMgm5qSKyjPQq0o4PiKm3pbxg==",cdn-downstream-fbl;dur=336 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=220,atl-edge;dur=212,atl-edge-internal;dur=16,atl-edge-upstream;dur=196,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UjJyvFx-dTF2KDSsZse1jXJ9s_oETaXF0GPLCk7HWOETYPa59uhNiw==",cdn-downstream-fbl;dur=224 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6zYF3imx1buvbI85y13rw9LousClOoMgm5qSKyjPQq0o4PiKm3pbxg== + - UjJyvFx-dTF2KDSsZse1jXJ9s_oETaXF0GPLCk7HWOETYPa59uhNiw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c6a38510ba83e01a601aeb8e48a2a3ad + - d0880f41e33b8cc7b49f1708cb7120ef X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:39.200+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:54.069+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c2d1b790-867a-4c9c-bce1-b14f1e53e7c7 + - cdd39b07-526c-4cb6-86fa-77ea080e1ae9 Atl-Traceid: - - c2d1b790867a4c9cbce1b14f1e53e7c7 + - cdd39b07526c4cb686fa77ea080e1ae9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:39 GMT + - Sat, 24 May 2025 10:33:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=178,atl-edge;dur=145,atl-edge-internal;dur=14,atl-edge-upstream;dur=131,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="gHL1hHUbJ9ysarCOpaQiAQpQ8UKLio1qc3v9cyHI2SoA_ULO-EyMvQ==",cdn-downstream-fbl;dur=183 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=113,atl-edge;dur=104,atl-edge-internal;dur=14,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="J16PjR7K9QQN4u1hY0IyM3UNIqivIIVBBj5fnLUfALdb7Pq0skWvmw==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gHL1hHUbJ9ysarCOpaQiAQpQ8UKLio1qc3v9cyHI2SoA_ULO-EyMvQ== + - J16PjR7K9QQN4u1hY0IyM3UNIqivIIVBBj5fnLUfALdb7Pq0skWvmw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3db0f1a086cfb11553296433a741d0f1 + - 027220753eb0b9c3120f3cad2cedd9e6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 9dde5443-3904-4131-8999-e7259c99ecd3 + - 61dd618c-b344-474a-ae3b-dad384f9e092 Atl-Traceid: - - 9dde5443390441318999e7259c99ecd3 + - 61dd618cb344474aae3bdad384f9e092 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:39 GMT + - Sat, 24 May 2025 10:33:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=374,atl-edge;dur=354,atl-edge-internal;dur=21,atl-edge-upstream;dur=331,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="El-iy0EFUV9OIjbP0T1wEMwbiuoQvxchpWi6c2B1MlbOvjQIL5AM0A==",cdn-downstream-fbl;dur=378 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=250,atl-edge-internal;dur=16,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DFMJDEuV5g75rAw6E_WFYwWnSLRM9jVCWGjpUvbPBOgRSKWqQBDHJg==",cdn-downstream-fbl;dur=262 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 72fcd81c14e3eb0facf41fedad65e9e4.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - El-iy0EFUV9OIjbP0T1wEMwbiuoQvxchpWi6c2B1MlbOvjQIL5AM0A== + - DFMJDEuV5g75rAw6E_WFYwWnSLRM9jVCWGjpUvbPBOgRSKWqQBDHJg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - aa4c84e2d033d0661d82802aecea0267 + - 70e4d0339079f4e32e04126c81518fad X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/282]\n\n*Defect - Dojo link:* http://localhost:8080/finding/282 (282)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/317]\n\n*Defect + Dojo link:* http://localhost:8080/finding/317 (317)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/115]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18223","key":"NTEST-1864","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18223"}' + string: '{"id":"19673","key":"NTEST-3001","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19673"}' headers: Atl-Request-Id: - - 66421ff2-8ba1-4525-8ba2-fc6981f2a2bc + - 1a094d7b-7716-407f-9a5f-738065765c4b Atl-Traceid: - - 66421ff28ba145258ba2fc6981f2a2bc + - 1a094d7b7716407f9a5f738065765c4b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:40 GMT + - Sat, 24 May 2025 10:33:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=788,atl-edge;dur=755,atl-edge-internal;dur=16,atl-edge-upstream;dur=740,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="TI6a47YR-Yy8bFomgjYsICCEPzF74ZXWKFQlq8QlcmlF-iQQfL4WAw==",cdn-downstream-fbl;dur=791 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=654,atl-edge;dur=646,atl-edge-internal;dur=18,atl-edge-upstream;dur=628,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_6vSCAMC4OxfO_LlJlpRKgyYPj3q5Prv9Sgo984Id4wHhX5_KHMbtQ==",cdn-downstream-fbl;dur=658 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - TI6a47YR-Yy8bFomgjYsICCEPzF74ZXWKFQlq8QlcmlF-iQQfL4WAw== + - _6vSCAMC4OxfO_LlJlpRKgyYPj3q5Prv9Sgo984Id4wHhX5_KHMbtQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2f72bcd936caec23a32a97b006dec65a + - 9301f2d8d09da37b1aacc6ca60f7daff X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1864 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3001 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18223","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18223","key":"NTEST-1864","fields":{"statuscategorychangedate":"2025-04-30T18:26:40.598+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19673","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19673","key":"NTEST-3001","fields":{"statuscategorychangedate":"2025-05-24T12:33:55.084+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1864/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:40.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t4n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:40.377+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3001/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:54.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:54.875+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/282]\n\n*Defect - Dojo link:* http://localhost:8080/finding/282 (282)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/317]\n\n*Defect + Dojo link:* http://localhost:8080/finding/317 (317)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/115]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1864/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18223/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3001/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19673/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - b4f8a795-d4e2-4ab6-84c0-ec837029d18e + - 819bae54-8f88-46a3-b1be-5d810ce927ba Atl-Traceid: - - b4f8a795d4e24ab684c0ec837029d18e + - 819bae548f8846a3b1be5d810ce927ba Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:41 GMT + - Sat, 24 May 2025 10:33:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
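Review bot: The re-recorded response body in this hunk commits a real account's `emailAddress` (`valentijn@defectdojo.com`), its `accountId` and a Gravatar hash inside the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the `@@ -730,15 +730,15 @@` hunk repeats the account id. The same values recur in the `@@ -784,14 +784,14 @@` and `@@ -821,15 +821,15 @@` hunks. The removed lines carried the same kind of data for another account, so this predates the commit, but a re-record is the cheap moment to scrub it. The token in the echoed webhook headers already appears masked (`Token xxx`), so the same could be done here with a vcrpy `before_record_response` hook that replaces `emailAddress`, `accountId` and `avatarUrls` with constructed placeholders and drops `X-Aaccountid` from the stored headers.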
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=295,atl-edge-internal;dur=18,atl-edge-upstream;dur=278,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="iNCQmVDavsBJa344XwhxrKLdzCyPcHK_9hvrW2K0G-o8t9T7010pVQ==",cdn-downstream-fbl;dur=333 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=231,atl-edge-internal;dur=16,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="m-mLU8aA0gR_t9oG2piwxxxob53N0am5m9sZnzreGkiyaSjfjr6foQ==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aa3674a12327640af71c59263be8ffc6.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - iNCQmVDavsBJa344XwhxrKLdzCyPcHK_9hvrW2K0G-o8t9T7010pVQ== + - m-mLU8aA0gR_t9oG2piwxxxob53N0am5m9sZnzreGkiyaSjfjr6foQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 803a2f5cbb1923051b32986a90ce9bb6 + - d7b46b1be9983a6251fbb63a7bc597f6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18223 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19673 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18223","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18223","key":"NTEST-1864","fields":{"statuscategorychangedate":"2025-04-30T18:26:40.598+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19673","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19673","key":"NTEST-3001","fields":{"statuscategorychangedate":"2025-05-24T12:33:55.084+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1864/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:40.293+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t4n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:40.377+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3001/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:54.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010hz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:54.875+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/282]\n\n*Defect - Dojo link:* http://localhost:8080/finding/282 (282)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/317]\n\n*Defect + Dojo link:* http://localhost:8080/finding/317 (317)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/108]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/115]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1864/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18223/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3001/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19673/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9abcd38b-8a84-4bf1-8aa7-541af38c4da1 + - 0cbbbcd7-007e-4544-976b-e0b623957e3e Atl-Traceid: - - 9abcd38b8a844bf18aa7541af38c4da1 + - 0cbbbcd7007e4544976be0b623957e3e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:41 GMT + - Sat, 24 May 2025 10:33:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=361,atl-edge;dur=278,atl-edge-internal;dur=16,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="-xtaCxf9PZ0Pz_OeDCJMKp00xUY1wY75h0VCNvMF6Mg4_MCSaAJ0AQ==",cdn-downstream-fbl;dur=365 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=348,atl-edge;dur=340,atl-edge-internal;dur=23,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="081aZPgcEYfWwn6zOplnfEuFl205pVAQm9ytbHry30YvgcquX6PyQw==",cdn-downstream-fbl;dur=352 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd759629cc514da7a59a47ab24885b18.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -xtaCxf9PZ0Pz_OeDCJMKp00xUY1wY75h0VCNvMF6Mg4_MCSaAJ0AQ== + - 081aZPgcEYfWwn6zOplnfEuFl205pVAQm9ytbHry30YvgcquX6PyQw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 259b87fc594a106b067554d8f29dbb5b + - 559065eee9594c804cbc05a238b65982 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/", + "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 108, "url_ui": "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/"}}' + 115, "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:50656\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37476\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/108/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/115/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 108, \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/108/\\\"}}\",\n \"files\": + null, \\\"id\\\": 115, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/115/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 108,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n - \ \"url_ui\": \"http://localhost:8080/test/108\"\n },\n \"title\": + 115,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n + \ \"url_ui\": \"http://localhost:8080/test/115\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n \"url_ui\": - \"http://localhost:8080/test/108\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n \"url_ui\": + \"http://localhost:8080/test/115\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:41 GMT + - Sat, 24 May 2025 10:33:53 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/", + "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 108, "url_ui": "http://localhost:8080/test/108", "url_api": "http://localhost:8080/api/v2/tests/108/"}, - "finding_count": 2, "findings": {"new": [{"id": 281, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/281", - "url_api": "http://localhost:8080/api/v2/findings/281/"}, {"id": 282, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/282", - "url_api": "http://localhost:8080/api/v2/findings/282/"}], "reactivated": [], + 115, "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/"}, + "finding_count": 2, "findings": {"new": [{"id": 316, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/316", + "url_api": "http://localhost:8080/api/v2/findings/316/"}, {"id": 317, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/317", + "url_api": "http://localhost:8080/api/v2/findings/317/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:50660\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37488\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/108/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/115/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 108, \\\"url_ui\\\": \\\"http://localhost:8080/test/108\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/108/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 281, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 115, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/115/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 316, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/281\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/281/\\\"}, - {\\\"id\\\": 282, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/282\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/282/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/316\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/316/\\\"}, + {\\\"id\\\": 317, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/317\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/317/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 281,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/281/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/281\"\n },\n - \ {\n \"id\": 282,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/282/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/282\"\n }\n ],\n + \ \"id\": 316,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/316/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/316\"\n },\n + \ {\n \"id\": 317,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/317/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/317\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 108,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n - \ \"url_ui\": \"http://localhost:8080/test/108\"\n },\n \"title\": + 115,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n + \ \"url_ui\": \"http://localhost:8080/test/115\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/108/\",\n - \ \"url_ui\": \"http://localhost:8080/test/108\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n + \ \"url_ui\": \"http://localhost:8080/test/115\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:41 GMT + - Sat, 24 May 2025 10:33:53 GMT Transfer-Encoding: - chunked status: 
@@ -1030,14 +1030,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/", + "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 109, "url_ui": "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/"}}' + 116, "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/"}}' headers: Accept: - application/json @@ -1052,7 +1052,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1066,13 +1066,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:50672\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37490\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/109/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/116/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -1080,8 +1080,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 109, \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/109/\\\"}}\",\n \"files\": + null, \\\"id\\\": 116, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/116/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1091,11 +1091,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 109,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n - \ \"url_ui\": \"http://localhost:8080/test/109\"\n },\n \"title\": + 116,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n + \ \"url_ui\": \"http://localhost:8080/test/116\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n \"url_ui\": - \"http://localhost:8080/test/109\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n \"url_ui\": + \"http://localhost:8080/test/116\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -1104,7 +1104,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:41 GMT + - Sat, 24 May 2025 10:33:54 GMT Transfer-Encoding: - chunked status: 
@@ -1113,19 +1113,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/", + "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 109, "url_ui": "http://localhost:8080/test/109", "url_api": "http://localhost:8080/api/v2/tests/109/"}, - "finding_count": 2, "findings": {"new": [{"id": 283, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/283", - "url_api": "http://localhost:8080/api/v2/findings/283/"}, {"id": 284, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/284", - "url_api": "http://localhost:8080/api/v2/findings/284/"}], "reactivated": [], + 116, "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/"}, + "finding_count": 2, "findings": {"new": [{"id": 318, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/318", + "url_api": "http://localhost:8080/api/v2/findings/318/"}, {"id": 319, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/319", + "url_api": "http://localhost:8080/api/v2/findings/319/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -1141,7 +1141,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1155,51 +1155,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:50674\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37492\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/109/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/116/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 109, \\\"url_ui\\\": \\\"http://localhost:8080/test/109\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/109/\\\"}, \\\"finding_count\\\": - 
2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 283, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 116, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/116/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 318, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/283\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/283/\\\"}, - {\\\"id\\\": 284, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/284\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/284/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/318\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/318/\\\"}, + {\\\"id\\\": 319, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/319\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/319/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 283,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/283/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/283\"\n },\n - \ {\n \"id\": 284,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/284/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/284\"\n }\n ],\n + \ \"id\": 318,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/318/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/318\"\n },\n + \ {\n \"id\": 319,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/319/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/319\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 109,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n - \ \"url_ui\": \"http://localhost:8080/test/109\"\n },\n \"title\": + 116,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n + \ \"url_ui\": \"http://localhost:8080/test/116\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/109/\",\n - \ \"url_ui\": \"http://localhost:8080/test/109\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n + \ \"url_ui\": \"http://localhost:8080/test/116\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1209,7 +1209,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:42 GMT + - Sat, 24 May 2025 10:33:54 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml index db8737854eb..c1541ff20b1 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_but_push_all.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:42.486+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:56.686+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b25bccb7-36cf-4d2a-9e66-23c7693aba88 + - 31a64e42-f5b1-4b35-a4ad-deb07b167638 Atl-Traceid: - - b25bccb736cf4d2a9e6623c7693aba88 + - 31a64e42f5b14b35a4addeb07b167638 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:42 GMT + - Sat, 24 May 2025 10:33:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="TkJp2Y0f9boUhfwZcV4AnK5cQh_3vIV1OkeTonvpD38oWFHWVW61xQ==",cdn-downstream-fbl;dur=272,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=269,atl-edge;dur=183,atl-edge-internal;dur=14,atl-edge-upstream;dur=169,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=144,atl-edge;dur=136,atl-edge-internal;dur=14,atl-edge-upstream;dur=122,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="j0aR_ayjcvX9GFoIvBJnFZAor4TcEchshxaVDmAJfSAe1ocMY8GzdA==",cdn-downstream-fbl;dur=148 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 87441111f0e4d414e651812e90f76e78.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - TkJp2Y0f9boUhfwZcV4AnK5cQh_3vIV1OkeTonvpD38oWFHWVW61xQ== + - j0aR_ayjcvX9GFoIvBJnFZAor4TcEchshxaVDmAJfSAe1ocMY8GzdA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b668596ee6731e7d630a50354870fe6b + - 1a10f1b89a267ea12ab935d4d5cca241 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
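Review bot: The re-recorded Jira cassette commits an account-specific value in the `X-Aaccountid` response header (hunk `@@ -53,15 +53,15 @@`, and again in the `-131,18` and `-242,15` hunks of this file). The same hunks also store per-request ids (`Atl-Traceid`, `X-Amz-Cf-Id`, `X-Arequestid`, `Server-Timing`) that change on every re-record. The webhook cassette earlier in this diff already shows a token reduced to `Token xxx`, so response headers could be scrubbed the same way, for example by dropping or replacing them in vcrpy's `before_record_response` hook. That keeps recorder-specific identifiers out of the repository and makes future re-record diffs smaller. The VCR configuration is not visible in this diff, so where the filter belongs needs confirming.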
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 19d9a556-903c-49ed-90cc-9f3b5207fc8b + - 9ddf0d96-f845-46be-812e-74b63f9a2069 Atl-Traceid: - - 19d9a556903c49ed90cc9f3b5207fc8b + - 9ddf0d96f84546be812e74b63f9a2069 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:42 GMT + - Sat, 24 May 2025 10:33:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=381,atl-edge;dur=349,atl-edge-internal;dur=14,atl-edge-upstream;dur=335,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0K3uMKnmCqsMqTY3k0MBKVcHgW7Kb6ZUwWLxKdGxi_qhLUT47Kmrkw==",cdn-downstream-fbl;dur=385 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=279,atl-edge;dur=271,atl-edge-internal;dur=16,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jNZWlCukGYiNaYBSzP_vBJZfywNauNIEBn2mo1SkeM1MTCc7L9Argg==",cdn-downstream-fbl;dur=283 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0K3uMKnmCqsMqTY3k0MBKVcHgW7Kb6ZUwWLxKdGxi_qhLUT47Kmrkw== + - jNZWlCukGYiNaYBSzP_vBJZfywNauNIEBn2mo1SkeM1MTCc7L9Argg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5bc0b4d5c3efebf93e9347db77e28a54 + - 137f0dae5d92e9b4c46b0d2e05afb92b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/7] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/934] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/286] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/321]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/286]\n*Defect Dojo link:* http://localhost:8080/finding/286 - (286)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/321]\n*Defect Dojo link:* http://localhost:8080/finding/321 + (321)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]\n*Defect - Dojo link:* http://localhost:8080/finding/285 (285)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]\n*Defect + Dojo link:* http://localhost:8080/finding/320 (320)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3333' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18225","key":"NTEST-1865","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18225"}' + string: '{"id":"19674","key":"NTEST-3002","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19674"}' headers: Atl-Request-Id: - - 6ab328be-1a5c-4bfd-b856-68512e385d88 + - a979f8c4-f107-47f1-bdc5-76dd8f4c25bb Atl-Traceid: - - 6ab328be1a5c4bfdb85668512e385d88 + - a979f8c4f10747f1bdc576dd8f4c25bb Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:43 GMT + - Sat, 24 May 2025 10:33:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="MHU7karM5JehWeF-Cb47fINYo1uRLQ8i-2I6zn-j_ZF5tcrL0gTt5w==",cdn-downstream-fbl;dur=720,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=716,atl-edge;dur=629,atl-edge-internal;dur=31,atl-edge-upstream;dur=597,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=723,atl-edge-internal;dur=18,atl-edge-upstream;dur=706,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zR9ykjqX-bsk0gzZPyP6byMj3kI7L0bfeA74mqbNKUA5MCdgaZQ_XA==",cdn-downstream-fbl;dur=737 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d71affbaf22baf23eab459f3d2ee77a.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MHU7karM5JehWeF-Cb47fINYo1uRLQ8i-2I6zn-j_ZF5tcrL0gTt5w== + - zR9ykjqX-bsk0gzZPyP6byMj3kI7L0bfeA74mqbNKUA5MCdgaZQ_XA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - f542f18ccb5f2156b3a19717809663c9 + - bbc0cf610a8980fcd05afc837c597e45 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1865 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3002 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18225","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18225","key":"NTEST-1865","fields":{"statuscategorychangedate":"2025-04-30T18:26:43.885+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19674","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19674","key":"NTEST-3002","fields":{"statuscategorychangedate":"2025-05-24T12:33:57.810+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1865/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:43.644+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t4v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:43.718+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3002/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:57.479+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010i7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:57.572+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/7] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/934] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/286] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/321]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/286]\n*Defect Dojo link:* http://localhost:8080/finding/286 - (286)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/321]\n*Defect Dojo link:* http://localhost:8080/finding/321 + (321)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]\n*Defect - Dojo link:* http://localhost:8080/finding/285 (285)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]\n*Defect + Dojo link:* http://localhost:8080/finding/320 (320)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1865/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18225/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3002/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19674/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 0e19b551-5639-427b-9c3f-e73a7a474bb5 + - 7bf097d7-fb39-4972-8965-96c97e852132 Atl-Traceid: - - 0e19b5515639427b9c3fe73a7a474bb5 + - 7bf097d7fb394972896596c97e852132 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:44 GMT + - Sat, 24 May 2025 10:33:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
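Review bot: The re-recorded response body in the `@@ -319,14 +321,14 @@` hunk commits the recording user's Jira `accountId`, `emailAddress`, `displayName` and Gravatar hash in the `creator` and `reporter` objects. The `@@ -433,14 +436,14 @@` hunk repeats them, and the `X-Aaccountid` response header in the header hunks carries the same account id. The removed lines held the same fields for the previous recorder, so this predates the commit, but every re-record publishes another maintainer's identifiers. If these cassettes are written by vcrpy (the `interactions:` layout suggests it), a `before_record_response` hook could replace `creator`, `reporter` and `X-Aaccountid` with fixed placeholder values before the file is written. That would also shrink future cassette diffs to the lines that reflect the template change.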
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=300,atl-edge;dur=267,atl-edge-internal;dur=15,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ryfpQf2j48Ls6bkUDbOQp8MfTRaTlOwrAUHBFXdurdqhwOaETKSDKg==",cdn-downstream-fbl;dur=305 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=269,atl-edge;dur=262,atl-edge-internal;dur=17,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4hsKQPwuW0Se39wEBx8Oc5jvEYCF7LZA3OJIePPN_Jl1Dh__Mwb-Sg==",cdn-downstream-fbl;dur=273 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ryfpQf2j48Ls6bkUDbOQp8MfTRaTlOwrAUHBFXdurdqhwOaETKSDKg== + - 4hsKQPwuW0Se39wEBx8Oc5jvEYCF7LZA3OJIePPN_Jl1Dh__Mwb-Sg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 11b0fb4c0cdaae0e0a6e63d1edd2305d + - bf19391325e7f63b972e5cf88b643f71 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18225 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19674 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18225","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18225","key":"NTEST-1865","fields":{"statuscategorychangedate":"2025-04-30T18:26:43.885+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19674","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19674","key":"NTEST-3002","fields":{"statuscategorychangedate":"2025-05-24T12:33:57.810+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1865/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:43.644+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t4v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:43.718+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3002/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:57.479+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010i7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:57.572+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/7] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/934] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/286] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/321]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/286]\n*Defect Dojo link:* http://localhost:8080/finding/286 - (286)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/321]\n*Defect Dojo link:* http://localhost:8080/finding/321 + (321)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/285]\n*Defect - Dojo link:* http://localhost:8080/finding/285 (285)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]\n*Defect + Dojo link:* http://localhost:8080/finding/320 (320)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1865/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18225/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3002/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19674/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c31feb70-7ff7-4209-a47b-edc1bb80ad52 + - 49f09c59-96ec-4ef7-83f8-4e9d472a3879 Atl-Traceid: - - c31feb707ff74209a47bedc1bb80ad52 + - 49f09c5996ec4ef783f84e9d472a3879 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:44 GMT + - Sat, 24 May 2025 10:33:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=395,atl-edge;dur=266,atl-edge-internal;dur=14,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="C8ykt-W4pXsZrUVXMB0Izdd6LsoNO1KbU4GakjtzCnhLtZVZuSxYhw==",cdn-downstream-fbl;dur=399 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=260,atl-edge;dur=252,atl-edge-internal;dur=16,atl-edge-upstream;dur=237,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Z1R2FdUE6FLWmnG4sjCebpW5LUigVkWknMzpMqepqGDuANNqVHw71Q==",cdn-downstream-fbl;dur=263 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - C8ykt-W4pXsZrUVXMB0Izdd6LsoNO1KbU4GakjtzCnhLtZVZuSxYhw== + - Z1R2FdUE6FLWmnG4sjCebpW5LUigVkWknMzpMqepqGDuANNqVHw71Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 13967563a0bb5b0dc38e5100798fc798 + - 94edba577f0dddd3fa521168ceb75ba5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
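Review bot: The re-recorded cassette commits the recording user's Atlassian account id in the `X-Aaccountid` response header of the `@@ -470,15 +473,15 @@` hunk. The same header recurs in `@@ -542,15 +545,15 @@`, `@@ -620,18 +623,18 @@`, `@@ -775,15 +780,15 @@` and `@@ -935,15 +941,15 @@`, and the response body in `@@ -896,16 +902,16 @@` adds the matching `accountId`, `emailAddress` and `displayName` for creator and reporter. Nothing visible in these hunks suggests replay depends on those values, so they are better scrubbed at record time than checked in with each re-recording. The file looks like a vcrpy cassette, where a `before_record_response` hook can drop `X-Aaccountid` and rewrite the identity fields in the body to a fixed placeholder such as `redacted@example.invalid`; `filter_headers` only covers request headers. Where the recorder is configured is not visible from this file, so the hook location needs confirming.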
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:45.252+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:33:58.785+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b47667a0-5ef4-4b7c-8a5b-6faec63d26a0 + - 479fa28c-0f29-4b10-8731-7a63f054fe26 Atl-Traceid: - - b47667a05ef44b7c8a5b6faec63d26a0 + - 479fa28c0f294b1087317a63f054fe26 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:45 GMT + - Sat, 24 May 2025 10:33:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Z5JBkqA1bQv_nPxXSl4dEhppf-NpWjhyKtHwBNFFh-jpTAX0ia76RA==",cdn-downstream-fbl;dur=232,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=230,atl-edge;dur=150,atl-edge-internal;dur=14,atl-edge-upstream;dur=137,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="v6kHLeXloa1O4QSEOxsjG3APq6JprUr47JU0vob6oSjjf5fJIHT94A==",cdn-downstream-fbl;dur=112,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=16,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b1383a69c949c8987c982636bd26b4f2.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Z5JBkqA1bQv_nPxXSl4dEhppf-NpWjhyKtHwBNFFh-jpTAX0ia76RA== + - v6kHLeXloa1O4QSEOxsjG3APq6JprUr47JU0vob6oSjjf5fJIHT94A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 289e030b14caae8281842772238fb772 + - 97c4dab3ff7a8b96a61175853977db55 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - efa8ef66-c25a-4558-bb57-e20b60d4d070 + - 9884a23f-674e-4093-b85a-e4eb838be157 Atl-Traceid: - - efa8ef66c25a4558bb57e20b60d4d070 + - 9884a23f674e4093b85ae4eb838be157 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:45 GMT + - Sat, 24 May 2025 10:33:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=17,cdn-upstream-fbl;dur=427,atl-edge;dur=353,atl-edge-internal;dur=18,atl-edge-upstream;dur=335,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="LxRGOkgdYFPJMEHzwPdU_Yahl6o8c15QQ3BUAH6W7MjjWi9dHQAjVA==",cdn-downstream-fbl;dur=430 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=313,atl-edge;dur=306,atl-edge-internal;dur=18,atl-edge-upstream;dur=289,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="f9L96YGBuB1U_SAGw7TCo00Zm-lIy6qWohzsbcw_xgwmKz-MZMhw1A==",cdn-downstream-fbl;dur=317 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 41e9e91568ab5e34cd26bd32ceb4035e.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LxRGOkgdYFPJMEHzwPdU_Yahl6o8c15QQ3BUAH6W7MjjWi9dHQAjVA== + - f9L96YGBuB1U_SAGw7TCo00Zm-lIy6qWohzsbcw_xgwmKz-MZMhw1A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 756aa88ddaddf56fd3857cfe7b948878 + - 9ee9d8475b7acf8d0ef5a15ba496a8ea X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,29 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/8] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| - Severity || CVE || CWE || Component || Version || Title || Status ||\n| High - | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] | [94|https://cwe.mitre.org/data/definitions/94.html] - | pg | 5.1.0 | [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/289] - | Active, Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/935] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/287] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/289]\n*Defect - Dojo link:* http://localhost:8080/finding/289 (289)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]\n*Defect + Dojo link:* http://localhost:8080/finding/322 (322)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -690,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/287]\n*Defect Dojo link:* http://localhost:8080/finding/287 - (287)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]\n*Defect Dojo link:* http://localhost:8080/finding/324 + (324)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -721,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -733,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6803' + - '6981' Content-Type: - application/json User-Agent: @@ -742,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18227","key":"NTEST-1866","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18227"}' + string: '{"id":"19675","key":"NTEST-3003","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19675"}' headers: Atl-Request-Id: - - f0f39464-53b1-4832-bf14-61d9b1fafde6 + - 49072c51-0f26-45af-a0cc-fff573fe894e Atl-Traceid: - - f0f3946453b14832bf1461d9b1fafde6 + - 49072c510f2645afa0ccfff573fe894e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -755,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:46 GMT + - Sat, 24 May 2025 10:34:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -765,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="0K5gZ7afVnDWvqDoi2uK0xvBqYL5AvkZof6pSWW9RAkgUGhuNy9JBg==",cdn-downstream-fbl;dur=802,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=799,atl-edge;dur=723,atl-edge-internal;dur=16,atl-edge-upstream;dur=707,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=715,atl-edge;dur=704,atl-edge-internal;dur=15,atl-edge-upstream;dur=689,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Lq-QS8tbMaPoLPi8hrW4pM7KY6tInCwr_YJ3bYx8bwF1B5XuzAeZ3w==",cdn-downstream-fbl;dur=720 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -775,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 595c26368a4c8eede29e4b5da7206efc.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0K5gZ7afVnDWvqDoi2uK0xvBqYL5AvkZof6pSWW9RAkgUGhuNy9JBg== + - Lq-QS8tbMaPoLPi8hrW4pM7KY6tInCwr_YJ3bYx8bwF1B5XuzAeZ3w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 73b9abb0a92f788ad3dc48fe3110ac99 + - bc6e247c5d1f98ea6d17111c7e33f26a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -809,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1866 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3003 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18227","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18227","key":"NTEST-1866","fields":{"statuscategorychangedate":"2025-04-30T18:26:46.761+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19675","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19675","key":"NTEST-3003","fields":{"statuscategorychangedate":"2025-05-24T12:33:59.989+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1866/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:46.492+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t53:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:46.575+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3003/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:59.656+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010if:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:59.754+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/8] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/935] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/289] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/287] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/289]\n*Defect - Dojo link:* http://localhost:8080/finding/289 (289)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]\n*Defect + Dojo link:* http://localhost:8080/finding/322 (322)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -864,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/287]\n*Defect Dojo link:* - http://localhost:8080/finding/287 (287)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]\n*Defect + Dojo link:* http://localhost:8080/finding/324 (324)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -896,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1866/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18227/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3003/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19675/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 4d240e61-213f-44ab-9e02-f58ec04c7957 + - 6e376ac8-5cf5-4698-8845-e62a6b834516 Atl-Traceid: - - 4d240e61213f44ab9e02f58ec04c7957 + - 6e376ac85cf546988845e62a6b834516 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -915,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:47 GMT + - Sat, 24 May 2025 10:34:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -925,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=330,atl-edge;dur=296,atl-edge-internal;dur=14,atl-edge-upstream;dur=282,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="f_fZOvoer-AD0yhWUxfUPniCfHxRx0aobWsQknO66MZlZrATp9-m0Q==",cdn-downstream-fbl;dur=333 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=237,atl-edge;dur=230,atl-edge-internal;dur=15,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="t5cYl1TxaU3bO222pgoZdyAeh33mJIL_DxxO-yT6xKNw3eOlyIvBbw==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -935,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - f_fZOvoer-AD0yhWUxfUPniCfHxRx0aobWsQknO66MZlZrATp9-m0Q== + - t5cYl1TxaU3bO222pgoZdyAeh33mJIL_DxxO-yT6xKNw3eOlyIvBbw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b640cf4964e3fe0b8ee5a2a8daed7820 + - 76d92c53fddc3ead934dd2443f267a9d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
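Review bot: The re-recorded response headers in the `@@ -935,15 +941,15 @@` hunk commit the recording user's Atlassian account id in `X-Aaccountid`, and the response bodies in later hunks (for example the body for `GET .../rest/api/2/issue/19675`) also carry that user's `accountId`, `emailAddress` and gravatar hash in the `creator` and `reporter` objects. These values do not look necessary for replay, so they would be better scrubbed at record time than checked in verbatim. If this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook could replace them with fixed placeholders, so the header is stored as e.g. `- REDACTED-ACCOUNT-ID`. That would also stop each re-recording from swapping one maintainer's identifiers for another's, which is most of the churn here. The same applies to the `X-Aaccountid` changes in the `@@ -1095,15`, `@@ -1167,15`, `@@ -1245,18` and `@@ -1340,15` hunks.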
@@ -969,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18227 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19675 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18227","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18227","key":"NTEST-1866","fields":{"statuscategorychangedate":"2025-04-30T18:26:46.761+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19675","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19675","key":"NTEST-3003","fields":{"statuscategorychangedate":"2025-05-24T12:33:59.989+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1866/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:46.492+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t53:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:46.575+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3003/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:33:59.656+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010if:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:33:59.754+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/8] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/935] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/289] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/287] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/289]\n*Defect - Dojo link:* http://localhost:8080/finding/289 (289)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]\n*Defect + Dojo link:* http://localhost:8080/finding/322 (322)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1024,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/287]\n*Defect Dojo link:* - http://localhost:8080/finding/287 (287)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]\n*Defect + Dojo link:* http://localhost:8080/finding/324 (324)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1056,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1866/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18227/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3003/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19675/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 003adfae-7d52-4335-b61a-8fc8f8cce0ce + - 865fa63b-1568-4d2f-bfb0-a3b3a498d9b9 Atl-Traceid: - - 003adfae7d524335b61a8fc8f8cce0ce + - 865fa63b15684d2fbfb0a3b3a498d9b9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1075,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:47 GMT + - Sat, 24 May 2025 10:34:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1085,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=252,atl-edge-internal;dur=16,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="BuHb_09d1NoZOmiaSCy4NhSKdJ5afZHPrjC-8IV2POuZu1Qk8zLH_A==",cdn-downstream-fbl;dur=288 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=248,atl-edge-internal;dur=15,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="niKHxmVp-sBPxSLiAKbGwCScG33vHWErj0yRfRkz1iTsdYuSWLD65w==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1095,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 73e04d645babcbb9ee8f20cc865b009c.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BuHb_09d1NoZOmiaSCy4NhSKdJ5afZHPrjC-8IV2POuZu1Qk8zLH_A== + - niKHxmVp-sBPxSLiAKbGwCScG33vHWErj0yRfRkz1iTsdYuSWLD65w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 61a2c5526145c1bd6ef80871aa7a1a22 + - 100ce9326cb3574482128f3deaa4e732 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1132,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:48.093+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:00.944+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 27f91074-4d00-4610-9d40-046e962bb111 + - 26b92eab-6c20-4b72-9ed2-05856007578d Atl-Traceid: - - 27f910744d0046109d40046e962bb111 + - 26b92eab6c204b729ed205856007578d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1147,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:48 GMT + - Sat, 24 May 2025 10:34:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1157,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=160,atl-edge-internal;dur=17,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="QFk8_neCK1m5X1vDIX-T1iPj_AznFMLaGVFSAV81ZpV8lQN3PNSzJA==",cdn-downstream-fbl;dur=195 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=110,atl-edge-internal;dur=15,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mXiPLDGTvteZVdJMGNS8_ai5ka4LkJVEMOIM7lGr6voZRftUkeGr1Q==",cdn-downstream-fbl;dur=123 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1167,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QFk8_neCK1m5X1vDIX-T1iPj_AznFMLaGVFSAV81ZpV8lQN3PNSzJA== + - mXiPLDGTvteZVdJMGNS8_ai5ka4LkJVEMOIM7lGr6voZRftUkeGr1Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6b8c2621cac7a27ba0bef7de0ffe3a22 + - 0b224c71905b5f24cc90bfe2bdea8722 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1213,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 511d1057-6a6e-48d1-a9e8-e62e280f2b56 + - 8cf0e674-6bd5-4a67-a766-4738c6482457 Atl-Traceid: - - 511d10576a6e48d1a9e8e62e280f2b56 + - 8cf0e6746bd54a67a7664738c6482457 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1225,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:48 GMT + - Sat, 24 May 2025 10:34:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1235,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=344,atl-edge;dur=311,atl-edge-internal;dur=23,atl-edge-upstream;dur=288,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="cmVRQvAC9SprsNdEFXJIaIjD9ojcG4gxfw8CskKGVQCtpU09l5dHBg==",cdn-downstream-fbl;dur=348 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=277,atl-edge-internal;dur=14,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hNW-4QXpSn7EU-F8ZpvobyMiKHJpqGWe-PDJJIIX8yU85_8r5KdD3A==",cdn-downstream-fbl;dur=288 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1245,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - cmVRQvAC9SprsNdEFXJIaIjD9ojcG4gxfw8CskKGVQCtpU09l5dHBg== + - hNW-4QXpSn7EU-F8ZpvobyMiKHJpqGWe-PDJJIIX8yU85_8r5KdD3A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2ddb8bd94541e062d993cf118da5ddaa + - 25bd62d9b1581021d0fdd1a461a095cc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1270,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/9] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/936] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/288] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/288]\n*Defect - Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]\n*Defect + Dojo link:* http://localhost:8080/finding/323 (323)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1287,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1298,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1944' + - '2139' Content-Type: - application/json User-Agent: @@ -1307,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18229","key":"NTEST-1867","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18229"}' + string: '{"id":"19676","key":"NTEST-3004","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19676"}' headers: Atl-Request-Id: - - baff02ed-6f43-4156-924f-ba9ff28f749c + - de478ed7-0c35-4195-bbd4-d88143beb63d Atl-Traceid: - - baff02ed6f434156924fba9ff28f749c + - de478ed70c354195bbd4d88143beb63d Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1320,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:49 GMT + - Sat, 24 May 2025 10:34:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1330,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="JWa5sCLe4ikb15CyNrOmESvBgr47B23RUEORdnzMUPKyUTJC7OEXdA==",cdn-downstream-fbl;dur=854,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=851,atl-edge;dur=765,atl-edge-internal;dur=13,atl-edge-upstream;dur=752,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=755,atl-edge;dur=748,atl-edge-internal;dur=22,atl-edge-upstream;dur=726,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qZJzzmEZlTa0y9af-YXtFTeHLih_FsswskrbVawqyJof94fWS3XKgg==",cdn-downstream-fbl;dur=761 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1340,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 05df0d22c8cc3d4b946b6f2dc43d6b9c.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JWa5sCLe4ikb15CyNrOmESvBgr47B23RUEORdnzMUPKyUTJC7OEXdA== + - qZJzzmEZlTa0y9af-YXtFTeHLih_FsswskrbVawqyJof94fWS3XKgg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - fbceda30b7b9a71f82bc0f29ae2583aa + - 99830fcb1a0a8f610dae675761f77d8e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1374,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1867 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3004 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18229","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18229","key":"NTEST-1867","fields":{"statuscategorychangedate":"2025-04-30T18:26:49.520+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19676","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19676","key":"NTEST-3004","fields":{"statuscategorychangedate":"2025-05-24T12:34:02.103+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1867/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:49.226+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:49.317+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3004/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:01.774+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010in:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:01.862+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/9] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/936] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/288] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/288]\n*Defect - Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]\n*Defect + Dojo link:* http://localhost:8080/finding/323 (323)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1401,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1867/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18229/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3004/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19676/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ffd93483-3dc3-492a-87cb-6ea014583946 + - 032cdf81-14d9-4bb7-8872-b0f11e86380b Atl-Traceid: - - ffd934833dc3492a87cb6ea014583946 + - 032cdf8114d94bb78872b0f11e86380b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1418,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:50 GMT + - Sat, 24 May 2025 10:34:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
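Review bot: The re-recorded response body in this hunk commits the recording account's `emailAddress`, `displayName`, `accountId` and Gravatar hash in the `creator` and `reporter` objects. The same values recur in the `@@ -1499,14 +1512,14 @@` hunk, and the account id appears again in the `X-Aaccountid` response headers of the neighbouring hunks. The assertions presumably need none of these, and every re-recording by a different maintainer rewrites them, as the swap of one maintainer's details for another's here shows. Assuming the cassette is written by vcrpy, a `before_record_response` hook that replaces these fields with fixed placeholders would keep personal identifiers out of the repository and shrink future cassette diffs; the `Token xxx` value in the webhook recording looks like it is already masked this way. A comment at the recording setup such as `# cassettes are committed: scrub account ids and e-mail addresses before writing` would document the intent.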
@@ -1428,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=296,atl-edge;dur=263,atl-edge-internal;dur=14,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="V9CO9wtovpJV5FxOzm5YCX2X919qykgNDDRvmoo88V2tXYBkdeosDA==",cdn-downstream-fbl;dur=299 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=229,atl-edge;dur=221,atl-edge-internal;dur=17,atl-edge-upstream;dur=205,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="36amyMmIeSxPhgyoAiHAlwbEarSpyMxfKuofxT8RQbHENaeKReF4hg==",cdn-downstream-fbl;dur=232 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1438,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - V9CO9wtovpJV5FxOzm5YCX2X919qykgNDDRvmoo88V2tXYBkdeosDA== + - 36amyMmIeSxPhgyoAiHAlwbEarSpyMxfKuofxT8RQbHENaeKReF4hg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a6ba10c0a0a049923191a8d03d7dad48 + - a230dbf57344a915ecae0116dcaf9efb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1472,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18229 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19676 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18229","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18229","key":"NTEST-1867","fields":{"statuscategorychangedate":"2025-04-30T18:26:49.520+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19676","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19676","key":"NTEST-3004","fields":{"statuscategorychangedate":"2025-05-24T12:34:02.103+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1867/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:49.226+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:49.317+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3004/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:01.774+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010in:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:01.862+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/9] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/936] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/110]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/288] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/288]\n*Defect - Dojo link:* http://localhost:8080/finding/288 (288)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/117]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]\n*Defect + Dojo link:* http://localhost:8080/finding/323 (323)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1499,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1867/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18229/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3004/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19676/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - aa452825-a361-4ac1-9667-7cb5a80001b7 + - 9b687f37-3f6e-434c-a765-3db541494b0b Atl-Traceid: - - aa452825a3614ac196677cb5a80001b7 + - 9b687f373f6e434ca7653db541494b0b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1516,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:50 GMT + - Sat, 24 May 2025 10:34:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1526,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=251,atl-edge-internal;dur=18,atl-edge-upstream;dur=237,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="48C7puP3TSybxz4xSUc2ykfOg0fzL5IGQ2_QaDsGoFALaX_UqRYFkg==",cdn-downstream-fbl;dur=292 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-ONgbtd4T2vvV_Alj4DSRvh_cm8mhKMVxo1kpM7sTHEqtmdnP5xeGA==",cdn-downstream-fbl;dur=220,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=218,atl-edge;dur=191,atl-edge-internal;dur=15,atl-edge-upstream;dur=176,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1536,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 48C7puP3TSybxz4xSUc2ykfOg0fzL5IGQ2_QaDsGoFALaX_UqRYFkg== + - -ONgbtd4T2vvV_Alj4DSRvh_cm8mhKMVxo1kpM7sTHEqtmdnP5xeGA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d564a7698b9872461584231fb6b74383 + - 84c19538ccc6eabc2bf563a56deca431 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1557,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/", + "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 110, "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/"}}' + 117, "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/"}}' headers: Accept: - application/json @@ -1579,7 +1592,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1593,22 +1606,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:41416\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37502\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/110/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/117/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 110, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/110/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 117, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/117/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1618,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 110,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n - \ \"url_ui\": \"http://localhost:8080/test/110\"\n },\n \"title\": + 117,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n + \ \"url_ui\": \"http://localhost:8080/test/117\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n \"url_ui\": - \"http://localhost:8080/test/110\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n \"url_ui\": + \"http://localhost:8080/test/117\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1631,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:50 GMT + - Sat, 24 May 2025 10:34:00 GMT Transfer-Encoding: - chunked status: 
@@ -1640,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/", + null, "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 110, "url_ui": "http://localhost:8080/test/110", "url_api": "http://localhost:8080/api/v2/tests/110/"}, - "finding_count": 5, "findings": {"new": [{"id": 285, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/285", - "url_api": "http://localhost:8080/api/v2/findings/285/"}, {"id": 286, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/286", "url_api": "http://localhost:8080/api/v2/findings/286/"}, - {"id": 287, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/287", - "url_api": "http://localhost:8080/api/v2/findings/287/"}, {"id": 288, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/288", "url_api": "http://localhost:8080/api/v2/findings/288/"}, - {"id": 289, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/289", - "url_api": "http://localhost:8080/api/v2/findings/289/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 117, "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/"}, + "finding_count": 5, "findings": {"new": [{"id": 321, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/321", + "url_api": "http://localhost:8080/api/v2/findings/321/"}, {"id": 322, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/322", "url_api": + "http://localhost:8080/api/v2/findings/322/"}, {"id": 320, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/320", "url_api": "http://localhost:8080/api/v2/findings/320/"}, + {"id": 323, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/323", "url_api": + "http://localhost:8080/api/v2/findings/323/"}, {"id": 324, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/324", "url_api": + "http://localhost:8080/api/v2/findings/324/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1676,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1692,84 +1706,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:41420\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:37514\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/110/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/117/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 110, \\\"url_ui\\\": \\\"http://localhost:8080/test/110\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/110/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 285, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 117, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/117/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 321, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/285\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/285/\\\"}, {\\\"id\\\": 286, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/286\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/286/\\\"}, {\\\"id\\\": - 287, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/287\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/287/\\\"}, {\\\"id\\\": 288, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/288\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/288/\\\"}, {\\\"id\\\": 289, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/321\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/321/\\\"}, {\\\"id\\\": 322, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/289\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/289/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/322\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/322/\\\"}, + {\\\"id\\\": 320, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/320\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/320/\\\"}, + {\\\"id\\\": 323, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/323\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/323/\\\"}, + {\\\"id\\\": 324, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/324\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/324/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 285,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 321,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/321/\",\n \"url_ui\": \"http://localhost:8080/finding/321\"\n + \ },\n {\n \"id\": 322,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/322/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/322\"\n },\n + \ {\n \"id\": 320,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/285/\",\n \"url_ui\": \"http://localhost:8080/finding/285\"\n - \ },\n {\n \"id\": 286,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/286/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/286\"\n },\n - \ {\n \"id\": 287,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/287/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/287\"\n },\n - \ {\n \"id\": 288,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/288/\",\n \"url_ui\": \"http://localhost:8080/finding/288\"\n - \ },\n {\n \"id\": 289,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/289/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/289\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/320/\",\n \"url_ui\": \"http://localhost:8080/finding/320\"\n + \ },\n {\n \"id\": 323,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/323/\",\n \"url_ui\": + \"http://localhost:8080/finding/323\"\n },\n {\n \"id\": + 324,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/324/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/324\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 110,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n - \ \"url_ui\": \"http://localhost:8080/test/110\"\n },\n \"title\": + 117,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n + \ \"url_ui\": \"http://localhost:8080/test/117\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/110/\",\n - \ \"url_ui\": \"http://localhost:8080/test/110\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n + \ \"url_ui\": \"http://localhost:8080/test/117\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1779,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:50 GMT + - Sat, 24 May 2025 10:34:00 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml index e1b95f84f6e..b11116048cd 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_no_push_to_jira_but_push_all_issues.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:50.960+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:03.246+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 30f30667-aa5b-4d4a-83d6-3b6281216889 + - 3eb0895c-91ec-4320-950d-ffaa626f7f1e Atl-Traceid: - - 30f30667aa5b4d4a83d63b6281216889 + - 3eb0895c91ec4320950dffaa626f7f1e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:50 GMT + - Sat, 24 May 2025 10:34:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=205,atl-edge;dur=172,atl-edge-internal;dur=15,atl-edge-upstream;dur=158,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="e0g0UddCObiuG_1r4yMIK9UdiAjil9fJuiSi20oK65tKSiNqE5nt8w==",cdn-downstream-fbl;dur=209 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=105,atl-edge-internal;dur=15,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="unWFXVezTGB6rmrDf5PCDLeVDs6Qdhv8M4k3aYPgY7-X5JREcIjwOg==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a183b6545fea485604515ba7931cb9b8.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - e0g0UddCObiuG_1r4yMIK9UdiAjil9fJuiSi20oK65tKSiNqE5nt8w== + - unWFXVezTGB6rmrDf5PCDLeVDs6Qdhv8M4k3aYPgY7-X5JREcIjwOg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 0a114e6d7192d9c34fd5e196288bf8c6 + - cae644e3ca7233b7003c9855786b1ef8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 019a5a58-353c-49e1-8bf6-386ad094bf89 + - 2c74bedb-618d-4919-92df-d700b3c0886e Atl-Traceid: - - 019a5a58353c49e18bf6386ad094bf89 + - 2c74bedb618d491992dfd700b3c0886e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:51 GMT + - Sat, 24 May 2025 10:34:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="ZXOfEejCCoIMqn-8BjdH8hMOxhT1mnNUv6MlKbrgIG9qMnnohVqxKg==",cdn-downstream-fbl;dur=295,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=293,atl-edge;dur=271,atl-edge-internal;dur=14,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=277,atl-edge;dur=269,atl-edge-internal;dur=19,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="R3R6YTcZVuvsS4HxO0RigKjvGTJDGTOk7wwu_or4jMZ3yWIRIjVJ3w==",cdn-downstream-fbl;dur=282 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZXOfEejCCoIMqn-8BjdH8hMOxhT1mnNUv6MlKbrgIG9qMnnohVqxKg== + - R3R6YTcZVuvsS4HxO0RigKjvGTJDGTOk7wwu_or4jMZ3yWIRIjVJ3w== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4a0effc2440b640650272b24d68b4cb0 + - 429aa2f83f6565039327b6e6792b9248 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/937] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/326]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 - (291)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/326]\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290]\n*Defect - Dojo link:* http://localhost:8080/finding/290 (290)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]\n*Defect + Dojo link:* http://localhost:8080/finding/325 (325)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3334' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18231","key":"NTEST-1868","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231"}' + string: '{"id":"19677","key":"NTEST-3005","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677"}' headers: Atl-Request-Id: - - 76f32db4-4157-4c40-9024-da1d55bbf27e + - d0c030c9-6e43-41a3-8cb2-61ceed95ecbd Atl-Traceid: - - 76f32db441574c409024da1d55bbf27e + - d0c030c96e4341a38cb261ceed95ecbd Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:52 GMT + - Sat, 24 May 2025 10:34:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=758,atl-edge;dur=725,atl-edge-internal;dur=19,atl-edge-upstream;dur=705,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="h3QQfyEaeTHdCguIiLUKKXyEG3MlTox3E8KY_u2TxHF-8E0Iu8fznQ==",cdn-downstream-fbl;dur=764 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=670,atl-edge;dur=663,atl-edge-internal;dur=16,atl-edge-upstream;dur=647,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="KjW_kMTr769aKtv_b2Pv6ceS6WmWxi5eltf4bS7Ag04-ESdqXk5JUQ==",cdn-downstream-fbl;dur=675 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - h3QQfyEaeTHdCguIiLUKKXyEG3MlTox3E8KY_u2TxHF-8E0Iu8fznQ== + - KjW_kMTr769aKtv_b2Pv6ceS6WmWxi5eltf4bS7Ag04-ESdqXk5JUQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1958b8b0b8fe6b84c236690dc6401033 + - c90c65c82f4e1739aefe7217ceb935a1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18231","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231","key":"NTEST-1868","fields":{"statuscategorychangedate":"2025-04-30T18:26:52.169+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19677","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677","key":"NTEST-3005","fields":{"statuscategorychangedate":"2025-05-24T12:34:04.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:51.853+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:51.942+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:04.003+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010iv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:04.090+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/937] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/326]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 - (291)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/326]\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290]\n*Defect - Dojo link:* http://localhost:8080/finding/290 (290)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]\n*Defect + Dojo link:* http://localhost:8080/finding/325 (325)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 08802491-7bfc-40c8-9601-ead622f267e5 + - 3851e443-67b0-417a-a605-ea8c9ea10602 Atl-Traceid: - - 088024917bfc40c89601ead622f267e5 + - 3851e44367b0417aa605ea8c9ea10602 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:52 GMT + - Sat, 24 May 2025 10:34:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
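Review bot: The re-recorded response body in this hunk commits a real Jira account's `emailAddress`, `accountId`, `displayName` and gravatar hash in the `creator` and `reporter` objects, and the same data appears again in the second GET response at `@@ -433,14 +436,14 @@` and in the `X-Aaccountid` response header of the neighbouring header hunks. The previous recording had the same problem with a different account, so the re-record swaps the identity rather than removing it. From what is visible the assertions presumably depend on the issue id, key and description rather than on who created the issue, so these fields could be rewritten to constructed placeholders (for example `user@example.invalid`) at record time. If the cassette is recorded with vcrpy, a `before_record_response` hook is the place for that, since `filter_headers` only covers request headers; the recorder configuration is outside this chunk, so confirm which one is in use.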
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=327,atl-edge;dur=295,atl-edge-internal;dur=16,atl-edge-upstream;dur=279,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ls4WmsH8w0IQcynOSvgsMMoO9bgSpkKULOMHu0KGIIdvfjELW9HSVw==",cdn-downstream-fbl;dur=331 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=259,atl-edge-internal;dur=15,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="XGMnIgjtKLBhZA_kClliW1y6uWuxkWs3Kh_aDuobFLzOwl3Mmk-nkw==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ls4WmsH8w0IQcynOSvgsMMoO9bgSpkKULOMHu0KGIIdvfjELW9HSVw== + - XGMnIgjtKLBhZA_kClliW1y6uWuxkWs3Kh_aDuobFLzOwl3Mmk-nkw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6d326ac6ffbab1485092c70f5aaa9165 + - 1ef3c6c0f9c97a532862b261b9d53f39 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18231 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19677 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18231","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231","key":"NTEST-1868","fields":{"statuscategorychangedate":"2025-04-30T18:26:52.169+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19677","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677","key":"NTEST-3005","fields":{"statuscategorychangedate":"2025-05-24T12:34:04.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:51.853+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:51.942+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:04.003+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010iv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:04.090+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/937] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/326]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 - (291)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/326]\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290]\n*Defect - Dojo link:* http://localhost:8080/finding/290 (290)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]\n*Defect + Dojo link:* http://localhost:8080/finding/325 (325)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d10b2f9c-a56f-4201-a950-23d0e3a76ae5 + - b6a6afcc-d4a0-4c04-91e4-bfb9aa63418d Atl-Traceid: - - d10b2f9ca56f4201a95023d0e3a76ae5 + - b6a6afccd4a04c0491e4bfb9aa63418d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:53 GMT + - Sat, 24 May 2025 10:34:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="crtBDB2K21UDp9VCrpa9bktdC4m-7AkpFZNRJOKQWWiDHFNxVm20RA==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=360,atl-edge;dur=276,atl-edge-internal;dur=14,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=193,atl-edge-internal;dur=16,atl-edge-upstream;dur=177,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A2u2sbC5vx8qDYnGoFoi2YrRSWx-EO4SbjowWEPuKbcjlXRoT41r1g==",cdn-downstream-fbl;dur=204 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a63f854fb49823d899d920c07df1bcae.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - crtBDB2K21UDp9VCrpa9bktdC4m-7AkpFZNRJOKQWWiDHFNxVm20RA== + - A2u2sbC5vx8qDYnGoFoi2YrRSWx-EO4SbjowWEPuKbcjlXRoT41r1g== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 21ae98f06880744b1b9fa19b702a39a8 + - 5be12ea810dea5391c329458ff0a34dc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
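Review bot: The re-recorded response headers in this hunk store the recording user's Atlassian account id verbatim under `X-Aaccountid`, and the same value recurs in the later header hunks of this cassette. The recorded issue bodies further down also carry that user's `accountId`, `emailAddress` and `displayName` in the `creator` and `reporter` objects. None of these values appear to be needed for replay, so they could be replaced with fixed placeholders at record time, leaving a cassette with no personal identifiers and a smaller diff on the next re-record. If the cassettes are recorded with vcrpy, a `before_record_response` callback is the place to rewrite response headers and body fields, since `filter_headers` only covers request headers. The recorder configuration is outside this hunk, so check there whether request-side credentials are already being filtered.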
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:53.604+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:05.236+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 3138cd0c-d946-4275-9675-b2ad05645cfd + - 0cde420a-5728-435c-a75c-8683215a0adf Atl-Traceid: - - 3138cd0cd94642759675b2ad05645cfd + - 0cde420a5728435ca75c8683215a0adf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:53 GMT + - Sat, 24 May 2025 10:34:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=242,atl-edge;dur=162,atl-edge-internal;dur=14,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="IsFK6-_NC16qWWFuq61PPjRsTTC4immNtM8d34RfUUkbswqdN0c0Sg==",cdn-downstream-fbl;dur=245 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=99,atl-edge-internal;dur=15,atl-edge-upstream;dur=84,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qz_6R-0ZbVuoBwZ3stdbVTywfDZAV_4jBINrUKG_glfkxU8QPVVYPw==",cdn-downstream-fbl;dur=112 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9b5b156d64ffeaa3e7df806f8b45cd5c.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IsFK6-_NC16qWWFuq61PPjRsTTC4immNtM8d34RfUUkbswqdN0c0Sg== + - qz_6R-0ZbVuoBwZ3stdbVTywfDZAV_4jBINrUKG_glfkxU8QPVVYPw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 7444e39f5058f61fe76a32d181401f86 + - 7510ecdb95d5f86dc7eb177c9306def4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 31792ba6-be7a-41dc-888b-d5ef156bf6a7 + - 50dec10c-e1aa-4faa-8fca-cceabdbd7f50 Atl-Traceid: - - 31792ba6be7a41dc888bd5ef156bf6a7 + - 50dec10ce1aa4faa8fcacceabdbd7f50 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:54 GMT + - Sat, 24 May 2025 10:34:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=338,atl-edge;dur=306,atl-edge-internal;dur=14,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="pKk7qYe7jnfNTpz2V-XR5YpNYqZeFK1ehK8umqAnA3soUE1sS6eR3A==",cdn-downstream-fbl;dur=342 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sHaPlQyguzmZpdm_v_WJBNJBioRDzOORnv33wTJUy5uwPBWTM5Ax2g==",cdn-downstream-fbl;dur=312,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=309,atl-edge;dur=280,atl-edge-internal;dur=19,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - pKk7qYe7jnfNTpz2V-XR5YpNYqZeFK1ehK8umqAnA3soUE1sS6eR3A== + - sHaPlQyguzmZpdm_v_WJBNJBioRDzOORnv33wTJUy5uwPBWTM5Ax2g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9e669e4bec27faa5a11a78523b2d2664 + - 013af1a578b9c40eb8d7e8b3d0b56cae X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,30 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/938] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/292] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294]\n*Defect - Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]\n*Defect + Dojo link:* http://localhost:8080/finding/327 (327)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -691,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 - (292)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]\n*Defect Dojo link:* http://localhost:8080/finding/329 + (329)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -722,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -734,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6804' + - '6981' Content-Type: - application/json User-Agent: @@ -743,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18233","key":"NTEST-1869","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233"}' + string: '{"id":"19678","key":"NTEST-3006","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678"}' headers: Atl-Request-Id: - - 7bb8de3d-0b2d-44ed-b9e2-c74d93f9ba45 + - 6ca674a0-6d2f-4cdd-bbe7-1df6c4a94823 Atl-Traceid: - - 7bb8de3d0b2d44edb9e2c74d93f9ba45 + - 6ca674a06d2f4cddbbe71df6c4a94823 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -756,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:55 GMT + - Sat, 24 May 2025 10:34:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -766,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=853,atl-edge;dur=723,atl-edge-internal;dur=17,atl-edge-upstream;dur=706,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="a-V7dlKDFRK4qq8HADXC-UUSRii7GoiJBZinMMFCudf8NX_aVZr_pA==",cdn-downstream-fbl;dur=858 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=655,atl-edge;dur=647,atl-edge-internal;dur=19,atl-edge-upstream;dur=627,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pnFxQYN8ar-WybAV6gZMkB0rGDRNC9so1NhauD7g7_SDo3kGGXoRoA==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -776,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - a-V7dlKDFRK4qq8HADXC-UUSRii7GoiJBZinMMFCudf8NX_aVZr_pA== + - pnFxQYN8ar-WybAV6gZMkB0rGDRNC9so1NhauD7g7_SDo3kGGXoRoA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a26009c7249d9f52ff1451de7ff192b6 + - 366bd6ff4a4e7d367e42defb4e355be4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -810,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18233","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233","key":"NTEST-1869","fields":{"statuscategorychangedate":"2025-04-30T18:26:55.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19678","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678","key":"NTEST-3006","fields":{"statuscategorychangedate":"2025-05-24T12:34:06.367+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:54.718+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:54.818+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:06.085+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010j3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:06.165+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/938] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/292] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294]\n*Defect - Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]\n*Defect + Dojo link:* http://localhost:8080/finding/327 (327)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -865,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/292]\n*Defect Dojo link:* - http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]\n*Defect + Dojo link:* http://localhost:8080/finding/329 (329)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -897,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 91ec06aa-3307-4119-8c08-499efb338e37 + - 4f9c0678-f5e5-45dd-b05e-66bd5138c9a4 Atl-Traceid: - - 91ec06aa330741198c08499efb338e37 + - 4f9c0678f5e545ddb05e66bd5138c9a4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -916,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:55 GMT + - Sat, 24 May 2025 10:34:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -926,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="B43gulen5h1NTO2DY5wVxxjxK5_ikIF5UiJyYGS0Gsb2z-k4lQ8fpw==",cdn-downstream-fbl;dur=374,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=371,atl-edge;dur=286,atl-edge-internal;dur=16,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=291,atl-edge-internal;dur=15,atl-edge-upstream;dur=276,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QESQes-357x9ibB4AlDX9IYDshgp8Mqx_JQon6jNs6fJ4pgWuDX1Sg==",cdn-downstream-fbl;dur=301 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -936,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - B43gulen5h1NTO2DY5wVxxjxK5_ikIF5UiJyYGS0Gsb2z-k4lQ8fpw== + - QESQes-357x9ibB4AlDX9IYDshgp8Mqx_JQon6jNs6fJ4pgWuDX1Sg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 5622d9de1def9a0745c4eee758af0067 + - b6c3b701add4ca96d159c492e361cf37 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
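Review bot: The re-recorded responses keep identifiers of whoever made the recording: the `X-Aaccountid` header value in this hunk, and further down (the `@@ -1057,16 +1063,16 @@` hunk and the later `X-Aaccountid` hunks) the `creator` and `reporter` objects with `accountId`, `emailAddress` and `displayName`. Nothing visible here suggests the tests need those values to replay, and each re-recording swaps one maintainer's details for another's in the repository history. Assuming these cassettes are written by vcrpy (the `interactions:` layout suggests so; the recorder setup is not in this diff), I would scrub them in a `before_record_response` hook that overwrites the user objects and drops `X-Aaccountid` with fixed placeholder values. The same hook could drop headers that change on every recording (`Atl-Traceid`, `X-Amz-Cf-Id`, `Server-Timing`), which would also keep future cassette diffs small enough to review.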
@@ -970,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18233 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19678 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18233","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233","key":"NTEST-1869","fields":{"statuscategorychangedate":"2025-04-30T18:26:55.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19678","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678","key":"NTEST-3006","fields":{"statuscategorychangedate":"2025-05-24T12:34:06.367+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:54.718+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:54.818+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:06.085+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010j3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:06.165+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/938] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/292] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294]\n*Defect - Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]\n*Defect + Dojo link:* http://localhost:8080/finding/327 (327)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1025,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/292]\n*Defect Dojo link:* - http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]\n*Defect + Dojo link:* http://localhost:8080/finding/329 (329)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1057,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 416672ed-5ad5-43b3-b658-8484462b9f84 + - 576f0420-4114-4794-8293-349755969bdd Atl-Traceid: - - 416672ed5ad543b3b6588484462b9f84 + - 576f0420411447948293349755969bdd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1076,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:56 GMT + - Sat, 24 May 2025 10:34:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1086,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=334,atl-edge;dur=250,atl-edge-internal;dur=18,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="Yd-6SukFS7n-tyLqsKSxuLYhTk8pDH6zjt7Tzye78f28ydB4eNcWCQ==",cdn-downstream-fbl;dur=338 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=241,atl-edge-internal;dur=18,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="J_EzbZKfiolzjPIeUi2Arz1TUCLhPrXkksYOzf_WH5u_nLjrtxmKUw==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1096,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Yd-6SukFS7n-tyLqsKSxuLYhTk8pDH6zjt7Tzye78f28ydB4eNcWCQ== + - J_EzbZKfiolzjPIeUi2Arz1TUCLhPrXkksYOzf_WH5u_nLjrtxmKUw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 517e460054f3e493e6cb4c1cd96f4a92 + - 41cf25baaec67d59cf13c54bac34e34f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1133,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:56.550+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:07.319+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2c5563c8-7b34-4a62-a943-5682321ec600 + - dd45e671-b252-4975-9443-e9b4f38231da Atl-Traceid: - - 2c5563c87b344a62a9435682321ec600 + - dd45e671b25249759443e9b4f38231da Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1148,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:56 GMT + - Sat, 24 May 2025 10:34:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1158,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="HAl6L9_oSNwFpE1TCX6rm--FteRzwRg6Sh5f25QTiMOFkuSkTX-P1g==",cdn-downstream-fbl;dur=228,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=226,atl-edge;dur=154,atl-edge-internal;dur=15,atl-edge-upstream;dur=140,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=105,atl-edge-internal;dur=15,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rK0kBM2RIr7VF-7jdV_t5b7IiKhYojOiwJiNP0hxgi0elW8_usGR2A==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1168,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0730d54c3f7ca2a2e0c1b4cda1ebc0aa.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HAl6L9_oSNwFpE1TCX6rm--FteRzwRg6Sh5f25QTiMOFkuSkTX-P1g== + - rK0kBM2RIr7VF-7jdV_t5b7IiKhYojOiwJiNP0hxgi0elW8_usGR2A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - a1efb9b6cb9435afee136690b53e95e1 + - c1ef28d5ae552a8361fcd622af7064f3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1214,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - ab7a0d5a-b97e-4bae-8a18-7a53cf02ada5 + - 3d927aa3-1b5f-4a3d-b471-07160e75de4e Atl-Traceid: - - ab7a0d5ab97e4bae8a187a53cf02ada5 + - 3d927aa31b5f4a3db47107160e75de4e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1226,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:56 GMT + - Sat, 24 May 2025 10:34:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1236,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=306,atl-edge;dur=274,atl-edge-internal;dur=15,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="b2daBsH_ObgdlQznwH3XtXALGoj8auhy_YXDccXPt51yjHjYi6bRBg==",cdn-downstream-fbl;dur=310 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=275,atl-edge-internal;dur=20,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uskjKPmfRBoqHj78hBhv2eQev4Femmokf1oOEOZrtWCMNlBsvnqJVQ==",cdn-downstream-fbl;dur=286 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1246,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - b2daBsH_ObgdlQznwH3XtXALGoj8auhy_YXDccXPt51yjHjYi6bRBg== + - uskjKPmfRBoqHj78hBhv2eQev4Femmokf1oOEOZrtWCMNlBsvnqJVQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 43f326895bf56d8ebd223646a03e22e1 + - 9c667c8702be118a524951fead1618d1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1271,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/939] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293]\n*Defect - Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]\n*Defect + Dojo link:* http://localhost:8080/finding/328 (328)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1288,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1299,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1945' + - '2139' Content-Type: - application/json User-Agent: @@ -1308,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18235","key":"NTEST-1870","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235"}' + string: '{"id":"19679","key":"NTEST-3007","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679"}' headers: Atl-Request-Id: - - 8869a4da-b5c1-47c1-bd14-138dfdf65694 + - d4e2d799-0926-416f-953c-97e7b12d7a0a Atl-Traceid: - - 8869a4dab5c147c1bd14138dfdf65694 + - d4e2d7990926416f953c97e7b12d7a0a Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1321,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:57 GMT + - Sat, 24 May 2025 10:34:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1331,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=786,atl-edge;dur=752,atl-edge-internal;dur=16,atl-edge-upstream;dur=737,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mRVnhZsH1GuBrSOQ_nr7yVWO6LK5ZST2NyxkGUt6FSL31L3c01pkPw==",cdn-downstream-fbl;dur=790 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=638,atl-edge;dur=630,atl-edge-internal;dur=14,atl-edge-upstream;dur=616,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hPsT1H7NOSOVprvYAr09t80Ot770s1on6isdobV5QoARKU2udlK0eg==",cdn-downstream-fbl;dur=642 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1341,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mRVnhZsH1GuBrSOQ_nr7yVWO6LK5ZST2NyxkGUt6FSL31L3c01pkPw== + - hPsT1H7NOSOVprvYAr09t80Ot770s1on6isdobV5QoARKU2udlK0eg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e441a8883568ccaf1d20096e6a765423 + - 53639c37c91512fea071f87fa294f9de X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1375,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18235","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235","key":"NTEST-1870","fields":{"statuscategorychangedate":"2025-04-30T18:26:57.815+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19679","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679","key":"NTEST-3007","fields":{"statuscategorychangedate":"2025-05-24T12:34:08.406+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:57.491+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:57.583+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:08.076+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:08.149+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/939] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293]\n*Defect - Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]\n*Defect + Dojo link:* http://localhost:8080/finding/328 (328)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1402,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 876a613b-ab50-46bb-b734-1489df50e16a + - 8d6c1fe0-5d03-4fb7-a8ca-b8db38c0b077 Atl-Traceid: - - 876a613bab5046bbb7341489df50e16a + - 8d6c1fe05d034fb7a8cab8db38c0b077 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1419,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:58 GMT + - Sat, 24 May 2025 10:34:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
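Review bot: The re-recorded Jira response body in this hunk commits the recording maintainer's `emailAddress`, `accountId` and Gravatar hash inside the `creator` and `reporter` objects. The `@@ -1500,14 +1512,14 @@` hunk repeats the same data, and the neighbouring header hunks carry the same id in `X-Aaccountid`. The old side held the previous recorder's identifiers, so this predates the commit, but each re-record swaps one person's identifiers for another's in the repository and makes the cassette diff much larger than the behaviour change needs. If these cassettes are recorded with vcrpy (the `interactions:` layout suggests it, but the harness is not visible here), a `before_record_response` hook could replace those fields with a fixed placeholder such as `"emailAddress":"redacted@example.invalid"` and drop the `X-Aaccountid` response header before the cassette is written. The scrubbed body has to remain valid JSON, since the tests replay it through the Jira client.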
@@ -1429,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=291,atl-edge;dur=258,atl-edge-internal;dur=16,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="uTe3UZTZVvSAFfWTenJoxizniIkt9tua2_7PwG2fmeEbrPNgCa4Qow==",cdn-downstream-fbl;dur=295 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=263,atl-edge;dur=255,atl-edge-internal;dur=17,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="FNaENR1cn6of4qaDYqLYadQw6XTalhf24y-h-EQ38MbfD83D1A-XwA==",cdn-downstream-fbl;dur=268 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1439,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - uTe3UZTZVvSAFfWTenJoxizniIkt9tua2_7PwG2fmeEbrPNgCa4Qow== + - FNaENR1cn6of4qaDYqLYadQw6XTalhf24y-h-EQ38MbfD83D1A-XwA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c45952d3f82ad5439693dd9df3cfd177 + - c7c278f5f0e9c744c4f646ca90b9d843 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1473,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18235 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19679 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18235","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235","key":"NTEST-1870","fields":{"statuscategorychangedate":"2025-04-30T18:26:57.815+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19679","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679","key":"NTEST-3007","fields":{"statuscategorychangedate":"2025-05-24T12:34:08.406+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:57.491+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:57.583+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:08.076+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:08.149+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/939] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293]\n*Defect - Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]\n*Defect + Dojo link:* http://localhost:8080/finding/328 (328)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1500,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c7a57874-b23a-4ca5-b93d-d0ee9bc6ec05 + - 571f09d7-496a-48c3-ae39-45317536ce51 Atl-Traceid: - - c7a57874b23a4ca5b93dd0ee9bc6ec05 + - 571f09d7496a48c3ae3945317536ce51 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1517,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:58 GMT + - Sat, 24 May 2025 10:34:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1527,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="F3Kar6h3x3orWn1GwBt396WJysXpmjllN_x1_GU6ZtsT8KloC3nutQ==",cdn-downstream-fbl;dur=370,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=366,atl-edge;dur=283,atl-edge-internal;dur=20,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=250,atl-edge;dur=243,atl-edge-internal;dur=16,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="poe1QDe7kpnd4cj2fK7pJH0MUlG1-mnD6g0TEpylk2XJrywJaIO7EA==",cdn-downstream-fbl;dur=254 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1537,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2bdfafaaaec33c116889588ecd9de280.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - F3Kar6h3x3orWn1GwBt396WJysXpmjllN_x1_GU6ZtsT8KloC3nutQ== + - poe1QDe7kpnd4cj2fK7pJH0MUlG1-mnD6g0TEpylk2XJrywJaIO7EA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 36710155ee546fdcde17e753646c3c01 + - 27c3c688008bb096701191728f2fcd05 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1558,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/", + "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 111, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/"}}' + 118, "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/"}}' headers: Accept: - application/json @@ -1580,7 +1592,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1594,22 +1606,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:56602\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:53130\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/111/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/118/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 111, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 118, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/118/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1619,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 111,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n - \ \"url_ui\": \"http://localhost:8080/test/111\"\n },\n \"title\": + 118,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n + \ \"url_ui\": \"http://localhost:8080/test/118\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n \"url_ui\": - \"http://localhost:8080/test/111\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n \"url_ui\": + \"http://localhost:8080/test/118\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1632,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:58 GMT + - Sat, 24 May 2025 10:34:08 GMT Transfer-Encoding: - chunked status: 
@@ -1641,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/", + null, "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 111, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/"}, - "finding_count": 5, "findings": {"new": [{"id": 290, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/290", - "url_api": "http://localhost:8080/api/v2/findings/290/"}, {"id": 291, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/291", "url_api": "http://localhost:8080/api/v2/findings/291/"}, - {"id": 292, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/292", - "url_api": "http://localhost:8080/api/v2/findings/292/"}, {"id": 293, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/293", "url_api": "http://localhost:8080/api/v2/findings/293/"}, - {"id": 294, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/294", - "url_api": "http://localhost:8080/api/v2/findings/294/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 118, "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/"}, + "finding_count": 5, "findings": {"new": [{"id": 326, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/326", + "url_api": "http://localhost:8080/api/v2/findings/326/"}, {"id": 327, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/327", "url_api": + "http://localhost:8080/api/v2/findings/327/"}, {"id": 325, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/325", "url_api": "http://localhost:8080/api/v2/findings/325/"}, + {"id": 328, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/328", "url_api": + "http://localhost:8080/api/v2/findings/328/"}, {"id": 329, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/329", "url_api": + "http://localhost:8080/api/v2/findings/329/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1677,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1693,84 +1706,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:56610\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:53142\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/118/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 111, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 290, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 118, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/118/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 326, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/290\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/290/\\\"}, {\\\"id\\\": 291, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/291\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/291/\\\"}, {\\\"id\\\": - 292, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/292\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/292/\\\"}, {\\\"id\\\": 293, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/293\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/293/\\\"}, {\\\"id\\\": 294, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/326\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/326/\\\"}, {\\\"id\\\": 327, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/294\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/294/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/327\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/327/\\\"}, + {\\\"id\\\": 325, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/325\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/325/\\\"}, + {\\\"id\\\": 328, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/328\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/328/\\\"}, + {\\\"id\\\": 329, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/329\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/329/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 290,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 326,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/326/\",\n \"url_ui\": \"http://localhost:8080/finding/326\"\n + \ },\n {\n \"id\": 327,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/327/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/327\"\n },\n + \ {\n \"id\": 325,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/290/\",\n \"url_ui\": \"http://localhost:8080/finding/290\"\n - \ },\n {\n \"id\": 291,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/291/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/291\"\n },\n - \ {\n \"id\": 292,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/292/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/292\"\n },\n - \ {\n \"id\": 293,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/293/\",\n \"url_ui\": \"http://localhost:8080/finding/293\"\n - \ },\n {\n \"id\": 294,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/294/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/294\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/325/\",\n \"url_ui\": \"http://localhost:8080/finding/325\"\n + \ },\n {\n \"id\": 328,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/328/\",\n \"url_ui\": + \"http://localhost:8080/finding/328\"\n },\n {\n \"id\": + 329,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/329/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/329\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 111,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n - \ \"url_ui\": \"http://localhost:8080/test/111\"\n },\n \"title\": + 118,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n + \ \"url_ui\": \"http://localhost:8080/test/118\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n - \ \"url_ui\": \"http://localhost:8080/test/111\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n + \ \"url_ui\": \"http://localhost:8080/test/118\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1780,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:26:58 GMT + - Sat, 24 May 2025 10:34:08 GMT Transfer-Encoding: - chunked status: 
@@ -1805,12 +1818,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:26:59.291+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:09.534+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 3f9f02ab-d01e-44a0-ab71-bf10c8114a20 + - 607cdd85-7a12-418f-af42-c2f4a73203ec Atl-Traceid: - - 3f9f02abd01e44a0ab71bf10c8114a20 + - 607cdd857a12418faf42c2f4a73203ec Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1820,7 +1833,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:59 GMT + - Sat, 24 May 2025 10:34:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1830,7 +1843,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=180,atl-edge;dur=148,atl-edge-internal;dur=14,atl-edge-upstream;dur=132,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="WH7UpNR2eSGGPjl0IyJ5pJmsUuOeRKFB8dCzHZvVrlOl9wPfX5uJQQ==",cdn-downstream-fbl;dur=184 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=104,atl-edge-internal;dur=17,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CmrEQlKZGDFeuVM8ESlGki_D0lv5IB-O6dVMTWw4vKZXtUGd85BWVg==",cdn-downstream-fbl;dur=116 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1840,15 +1853,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WH7UpNR2eSGGPjl0IyJ5pJmsUuOeRKFB8dCzHZvVrlOl9wPfX5uJQQ== + - CmrEQlKZGDFeuVM8ESlGki_D0lv5IB-O6dVMTWw4vKZXtUGd85BWVg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c0eb58bbc83ee452cb10f39a6d2c27d9 + - 2e246460a49869b00bb259b3a433e4cf X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1874,28 +1887,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18231 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19677 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18231","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231","key":"NTEST-1868","fields":{"statuscategorychangedate":"2025-04-30T18:26:52.169+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19677","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677","key":"NTEST-3005","fields":{"statuscategorychangedate":"2025-05-24T12:34:04.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:51.853+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:51.942+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:04.003+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010iv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:04.090+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/937] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/326]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 - (291)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/326]\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1905,9 +1919,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290]\n*Defect - Dojo link:* http://localhost:8080/finding/290 (290)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]\n*Defect + Dojo link:* http://localhost:8080/finding/325 (325)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1917,14 +1931,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - fdee71ce-8dca-4a50-8316-fc11e5307af0 + - c9410a05-fa0b-4713-8973-7a64f5d8403b Atl-Traceid: - - fdee71ce8dca4a508316fc11e5307af0 + - c9410a05fa0b471389737a64f5d8403b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1934,7 +1948,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:26:59 GMT + - Sat, 24 May 2025 10:34:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
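Review bot: The re-recorded response body in the `@@ -1917,14 +1931,14 @@` hunk commits the recording user's `emailAddress`, `displayName`, Atlassian `accountId` and Gravatar hash to the repository. The `X-Aaccountid` response header repeats the account id in the header hunks that follow, and the same body recurs at `@@ -2218,14 +2234,14 @@`. These values look incidental to what the test asserts (the new `"priority": {"name": "High"}` field and the reworked description), so consider scrubbing them at record time, for example with a vcrpy `before_record_response` hook that replaces the `creator`/`reporter` identity fields with fixed placeholders and drops `X-Aaccountid`. Stable placeholders would also stop these lines changing whenever a different maintainer re-records the cassette. The cassette configuration is not part of the visible diff, so it is worth confirming there that request-side `Authorization` and cookie headers are filtered as well.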
@@ -1944,7 +1958,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0oqdZQiynyZ9V13A12_LmFdJwwu8mh0ukhlZ8WY12X_7FlJ0I3_gJQ==",cdn-downstream-fbl;dur=305 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=257,atl-edge;dur=250,atl-edge-internal;dur=18,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uiFYAYRF0k2pZIEETZJMV6JJV5_G0sQXklYr0mPzAExmLJRrlrgBaQ==",cdn-downstream-fbl;dur=262 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1954,15 +1968,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0oqdZQiynyZ9V13A12_LmFdJwwu8mh0ukhlZ8WY12X_7FlJ0I3_gJQ== + - uiFYAYRF0k2pZIEETZJMV6JJV5_G0sQXklYr0mPzAExmLJRrlrgBaQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 384fede8a9cb56b14f707b55eea655c8 + - 212e31f47c20448f51fe6cfe6bed7722 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2000,9 +2014,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 94294542-d510-4900-9601-5121ac38aa2e + - cb92b47f-2b54-4922-83c8-436ff48cf5e0 Atl-Traceid: - - 94294542d510490096015121ac38aa2e + - cb92b47f2b54492283c8436ff48cf5e0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2012,7 +2026,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:00 GMT + - Sat, 24 May 2025 10:34:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2022,7 +2036,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=420,atl-edge;dur=293,atl-edge-internal;dur=17,atl-edge-upstream;dur=276,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="lhb8ajaPGdlDZRhJ81VY945Ui35q41pQX_OohaTOIyn9p5ugGKKwew==",cdn-downstream-fbl;dur=424 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=299,atl-edge;dur=291,atl-edge-internal;dur=15,atl-edge-upstream;dur=277,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tVjfdbjehx3IBzHXS4KLqFSxPpeDS7B0-07LXoeR6CVikKpUcGgIkA==",cdn-downstream-fbl;dur=302 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2032,18 +2046,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - lhb8ajaPGdlDZRhJ81VY945Ui35q41pQX_OohaTOIyn9p5ugGKKwew== + - tVjfdbjehx3IBzHXS4KLqFSxPpeDS7B0-07LXoeR6CVikKpUcGgIkA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 92272351b9d413f138b3fe32200379d9 + - e8f18bdab5eb147b997ea8c8013b7103 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2057,19 +2071,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/937] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/326]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 - (291)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/326]\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2079,9 +2094,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290]\n*Defect - Dojo link:* http://localhost:8080/finding/290 (290)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]\n*Defect + Dojo link:* http://localhost:8080/finding/325 (325)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2090,7 +2105,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -2101,21 +2116,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3318' + - '3525' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18231 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19677 response: body: string: '' headers: Atl-Request-Id: - - d108beba-fb1e-433b-b83a-0c5344c27dc2 + - 772a89b3-16c0-4d0d-867e-53339ac08591 Atl-Traceid: - - d108bebafb1e433bb83a0c5344c27dc2 + - 772a89b316c04d0d867e53339ac08591 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2123,7 +2138,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:00 GMT + - Sat, 24 May 2025 10:34:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2133,7 +2148,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=334,atl-edge;dur=300,atl-edge-internal;dur=16,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="NZe4VPwDN-XJfJRtTz1ZwoOPF4BWhqW4P8EDaxBPEot8GbO0bU3xHw==",cdn-downstream-fbl;dur=340 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=297,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="e1l6rVRTtPPqFif-0t4MDkPBi5s2bl0XkNQhNQnLD3rRIFb3z7QivA==",cdn-downstream-fbl;dur=301 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2141,15 +2156,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - NZe4VPwDN-XJfJRtTz1ZwoOPF4BWhqW4P8EDaxBPEot8GbO0bU3xHw== + - e1l6rVRTtPPqFif-0t4MDkPBi5s2bl0XkNQhNQnLD3rRIFb3z7QivA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f0e6fd2eee9c4bda4c683cdc7ba9e626 + - b4914f840db85ba909bceda6741da818 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2175,28 +2190,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18231 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19677 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18231","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231","key":"NTEST-1868","fields":{"statuscategorychangedate":"2025-04-30T18:26:52.169+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19677","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677","key":"NTEST-3005","fields":{"statuscategorychangedate":"2025-05-24T12:34:04.348+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:51.853+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:51.942+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:04.003+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010iv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:04.090+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/10] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/937] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/291] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/326]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/291]\n*Defect Dojo link:* http://localhost:8080/finding/291 - (291)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/326]\n*Defect Dojo link:* http://localhost:8080/finding/326 + (326)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2206,9 +2222,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/290]\n*Defect - Dojo link:* http://localhost:8080/finding/290 (290)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/325]\n*Defect + Dojo link:* http://localhost:8080/finding/325 (325)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2218,14 +2234,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1868/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18231/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3005/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19677/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 4f75e7be-8278-4d1a-9496-e69ba7b5a9b8 + - c10a1f53-000b-4e15-b6ca-7ce836504030 Atl-Traceid: - - 4f75e7be82784d1a9496e69ba7b5a9b8 + - c10a1f53000b4e15b6ca7ce836504030 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2235,7 +2251,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:01 GMT + - Sat, 24 May 2025 10:34:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2245,7 +2261,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=294,atl-edge;dur=261,atl-edge-internal;dur=16,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="l5SmI3Ctnx4pUWTZ3kOvYLwMNcaz34bo2se6QkB1biW6MpRNd0navw==",cdn-downstream-fbl;dur=299 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=236,atl-edge;dur=208,atl-edge-internal;dur=17,atl-edge-upstream;dur=191,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="l0AGEf25bd3UpZui0ZKxVInhYT-8XRp7x_fkTmZJwUoND4HVzMaqzg==",cdn-downstream-fbl;dur=239 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2255,15 +2271,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - l5SmI3Ctnx4pUWTZ3kOvYLwMNcaz34bo2se6QkB1biW6MpRNd0navw== + - l0AGEf25bd3UpZui0ZKxVInhYT-8XRp7x_fkTmZJwUoND4HVzMaqzg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d2d7090c0bc1b0042927d8d9bf2a7859 + - 07ebcb725070d119a75255703c02a4c4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2292,12 +2308,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:01.728+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:11.199+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 0831a300-9dcf-4459-bf1e-025a4f587929 + - 19908f9a-688d-474f-a881-82ff7c8ae2ff Atl-Traceid: - - 0831a3009dcf4459bf1e025a4f587929 + - 19908f9a688d474fa88182ff7c8ae2ff Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2307,7 +2323,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:01 GMT + - Sat, 24 May 2025 10:34:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2317,7 +2333,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="OrrvYD6X_9M3_CQ13b-gN8_NY_rBbTZExtcrrXDypjRdAEgFaoPlFA==",cdn-downstream-fbl;dur=188,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=185,atl-edge;dur=164,atl-edge-internal;dur=14,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=102,atl-edge-internal;dur=13,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="u9SA9BP9AnjbmcANthTFaKLDKpQgfjPC4-cTV5PL63s1JQTvwYNivA==",cdn-downstream-fbl;dur=112 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2327,15 +2343,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48f2e5da4dd7651bfa3bfd0054610cf4.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - OrrvYD6X_9M3_CQ13b-gN8_NY_rBbTZExtcrrXDypjRdAEgFaoPlFA== + - u9SA9BP9AnjbmcANthTFaKLDKpQgfjPC4-cTV5PL63s1JQTvwYNivA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 9af5ef74b8a8cbfa9fc1d5518ec3fe06 + - 19c23b558dea6b06685e362a51ee6eff X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2361,39 +2377,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18233 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19678 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18233","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233","key":"NTEST-1869","fields":{"statuscategorychangedate":"2025-04-30T18:26:55.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19678","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678","key":"NTEST-3006","fields":{"statuscategorychangedate":"2025-05-24T12:34:06.367+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:54.718+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:54.818+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:06.085+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010j3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:06.165+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/938] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/292] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294]\n*Defect - Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]\n*Defect + Dojo link:* http://localhost:8080/finding/327 (327)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -2416,16 +2433,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/292]\n*Defect Dojo link:* - http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]\n*Defect + Dojo link:* http://localhost:8080/finding/329 (329)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -2448,16 +2465,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8457dd67-3cef-4484-9a15-4628f892a5f6 + - aecdbf51-2bc6-4aa8-8b81-a8391c325678 Atl-Traceid: - - 8457dd673cef44849a154628f892a5f6 + - aecdbf512bc64aa88b81a8391c325678 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2467,7 +2484,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:02 GMT + - Sat, 24 May 2025 10:34:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
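Review bot: A maintainer's real `emailAddress`, `accountId` and gravatar hash are committed in the re-recorded response body here (the `creator` and `reporter` objects). The same account id also appears in the `X-Aaccountid` response header in the header hunks, for example `@@ -2255,15 +2271,15 @@` and `@@ -2487,15 +2504,15 @@`. The previous recording had the same problem with a different account, so this commit swaps one identity for another instead of removing it. If these cassettes are recorded with vcrpy, a `before_record_response` hook could rewrite those fields to constructed placeholders such as `"emailAddress":"recorder@example.invalid"` and a fixed dummy account id, which would also stop these lines churning whenever someone else re-records. The recorder configuration is not visible in this diff, so confirm whether a scrubbing hook already exists and is simply not covering these fields.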
@@ -2477,7 +2494,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=528,atl-edge;dur=398,atl-edge-internal;dur=18,atl-edge-upstream;dur=381,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="rO7XI72LIuV8CZqiC6HiLPO48cnK1JPcMocVAQBQDZNlEKE3sCxD_Q==",cdn-downstream-fbl;dur=532 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=221,atl-edge;dur=214,atl-edge-internal;dur=14,atl-edge-upstream;dur=200,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SMfQc3ol2S56PkSRmIPFVYziUac9f6V4qDvhB3-tPKwpkU6EWg54yw==",cdn-downstream-fbl;dur=227 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2487,15 +2504,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rO7XI72LIuV8CZqiC6HiLPO48cnK1JPcMocVAQBQDZNlEKE3sCxD_Q== + - SMfQc3ol2S56PkSRmIPFVYziUac9f6V4qDvhB3-tPKwpkU6EWg54yw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 39123c580c643d1b2f053685af26154f + - 4727d8d7287fda3ca6e2e90962a34949 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2533,9 +2550,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b1a07c3b-b8cb-4a22-a77e-e5d68bbde541 + - dd264e94-a504-4ce3-a567-f6941767309e Atl-Traceid: - - b1a07c3bb8cb4a22a77ee5d68bbde541 + - dd264e94a5044ce3a567f6941767309e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2545,7 +2562,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:02 GMT + - Sat, 24 May 2025 10:34:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2555,7 +2572,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=292,atl-edge;dur=259,atl-edge-internal;dur=15,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="oJm3zALDk0oBbsJVQFV4WLOGfRDzt1OU54yC8g2AGBNTvHx9BzdxlQ==",cdn-downstream-fbl;dur=297 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=239,atl-edge-internal;dur=15,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2Wks9pJKTM3Oac0PdbyzHrJcCrIUs5PU-CLYc0I_mXjGsLCru3Jq0w==",cdn-downstream-fbl;dur=251 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2565,18 +2582,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oJm3zALDk0oBbsJVQFV4WLOGfRDzt1OU54yC8g2AGBNTvHx9BzdxlQ== + - 2Wks9pJKTM3Oac0PdbyzHrJcCrIUs5PU-CLYc0I_mXjGsLCru3Jq0w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3010d698ed8c99de508fba4a00d3e819 + - 0bf10bb9ee148aefa37c59e69365354c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2590,30 +2607,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/938] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/292] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294]\n*Defect - Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]\n*Defect + Dojo link:* http://localhost:8080/finding/327 (327)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -2636,15 +2654,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/292]\n*Defect Dojo link:* http://localhost:8080/finding/292 - (292)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]\n*Defect Dojo link:* http://localhost:8080/finding/329 + (329)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -2667,8 +2685,8 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -2679,21 +2697,21 @@ interactions: Connection: - keep-alive Content-Length: - - '6788' + - '6995' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18233 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19678 response: body: string: '' headers: Atl-Request-Id: - - e259a943-3bac-41db-be78-c6fe37662862 + - 67736eee-05e4-401a-a421-ca0f91e592d8 Atl-Traceid: - - e259a9433bac41dbbe78c6fe37662862 + - 67736eee05e4401aa421ca0f91e592d8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2701,7 +2719,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:03 GMT + - Sat, 24 May 2025 10:34:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2711,7 +2729,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="-Q5c0h6c93vb2Hv6735ol-5dmawXvNqg4DIF54AHYX84By1233oxLQ==",cdn-downstream-fbl;dur=427,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=98,cdn-upstream-fbl;dur=422,atl-edge;dur=290,atl-edge-internal;dur=17,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=230,atl-edge;dur=222,atl-edge-internal;dur=19,atl-edge-upstream;dur=204,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="NjpHp66a-W1O_onUFpcmGXcswsTo0ParUEskBeHuugbusvxa3bsDcg==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2719,15 +2737,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -Q5c0h6c93vb2Hv6735ol-5dmawXvNqg4DIF54AHYX84By1233oxLQ== + - NjpHp66a-W1O_onUFpcmGXcswsTo0ParUEskBeHuugbusvxa3bsDcg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8bb33cc9b291db78712dda6ed2ac6fa8 + - 52e12bf8fb58434498dc49af69aa14ea X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2753,39 +2771,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18233 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19678 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18233","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233","key":"NTEST-1869","fields":{"statuscategorychangedate":"2025-04-30T18:26:55.036+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19678","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678","key":"NTEST-3006","fields":{"statuscategorychangedate":"2025-05-24T12:34:06.367+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:54.718+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:54.818+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:06.085+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010j3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:06.165+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/11] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/938] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/292] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/294]\n*Defect - Dojo link:* http://localhost:8080/finding/294 (294)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/327]\n*Defect + Dojo link:* http://localhost:8080/finding/327 (327)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -2808,16 +2827,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/292]\n*Defect Dojo link:* - http://localhost:8080/finding/292 (292)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/329]\n*Defect + Dojo link:* http://localhost:8080/finding/329 (329)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -2840,16 +2859,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1869/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18233/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3006/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19678/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 249894a4-edd0-416e-96d6-4fdd71cf3289 + - 21b6f0f6-775a-424c-99d8-2d8795297779 Atl-Traceid: - - 249894a4edd0416e96d64fdd71cf3289 + - 21b6f0f6775a424c99d82d8795297779 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2859,7 +2878,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:03 GMT + - Sat, 24 May 2025 10:34:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
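Review bot: The re-recorded response body in this hunk stores the Jira `creator` and `reporter` objects verbatim, so the new side commits a real account's `emailAddress`, `accountId`, `displayName` and gravatar hash to the repository. The same account id also appears in the `X-Aaccountid` response header in the hunks at `-2719,15`, `-2879,15` and `-2951,15`. The test assertions visible here do not appear to depend on those values, so they could be replaced at record time. The cassette layout looks like vcrpy; if so, a `before_record_response` hook that rewrites these fields and that header to fixed placeholders (for example `"emailAddress":"jira-user@example.invalid"`, a constructed value) would do it, since `filter_headers` only covers request headers. The recorder configuration is outside this diff, so whether any scrubbing is already configured for request headers cannot be confirmed from here.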
@@ -2869,7 +2888,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=269,atl-edge-internal;dur=15,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="4yiioaqfnVo7dRJuNKRTLpL5ogBNvaYG-H8yE6hKYreTKoIur0jA0Q==",cdn-downstream-fbl;dur=305 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=276,atl-edge;dur=268,atl-edge-internal;dur=16,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qrPMS-8pwr5FAmbK7Kc6UfaMzCXlCFRpAjINSv3ooRJuPwAvNgcAdg==",cdn-downstream-fbl;dur=282 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2879,15 +2898,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4yiioaqfnVo7dRJuNKRTLpL5ogBNvaYG-H8yE6hKYreTKoIur0jA0Q== + - qrPMS-8pwr5FAmbK7Kc6UfaMzCXlCFRpAjINSv3ooRJuPwAvNgcAdg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - bf00ffea46b639eb059ebce523c1a3b8 + - dd21fb50c69b5a2038733934481b66fc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2916,12 +2935,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:04.132+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:12.716+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - bc7df2f7-e28f-452f-af7c-62b352b034c8 + - fe2f2463-de8c-44fc-b776-730936943302 Atl-Traceid: - - bc7df2f7e28f452faf7c62b352b034c8 + - fe2f2463de8c44fcb776730936943302 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2931,7 +2950,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:04 GMT + - Sat, 24 May 2025 10:34:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2941,7 +2960,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=232,atl-edge;dur=146,atl-edge-internal;dur=17,atl-edge-upstream;dur=129,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="3X4twFu-PIo5KhX5C1zqvtXaa1y34OPR_wQ3orcXR0m7lESyQQO5Yw==",cdn-downstream-fbl;dur=236 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=106,atl-edge;dur=98,atl-edge-internal;dur=14,atl-edge-upstream;dur=84,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="G9vzoRuMPg75Qfe2rUG394tdyouKBtwr02y58TXP0KUlKLOzVy41SQ==",cdn-downstream-fbl;dur=109 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2951,15 +2970,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3699bc5ea5aacbe1d32ebe3e874f0c68.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3X4twFu-PIo5KhX5C1zqvtXaa1y34OPR_wQ3orcXR0m7lESyQQO5Yw== + - G9vzoRuMPg75Qfe2rUG394tdyouKBtwr02y58TXP0KUlKLOzVy41SQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6d924dcc9c4e18df5555210422b8d179 + - e02e79ed6cdc638bf9371a75afeb4044 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2985,25 +3004,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18235 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19679 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18235","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235","key":"NTEST-1870","fields":{"statuscategorychangedate":"2025-04-30T18:26:57.815+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19679","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679","key":"NTEST-3007","fields":{"statuscategorychangedate":"2025-05-24T12:34:08.406+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:57.491+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:57.583+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:08.076+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:08.149+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/939] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293]\n*Defect - Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]\n*Defect + Dojo link:* http://localhost:8080/finding/328 (328)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -3012,14 +3033,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 73255519-4bf9-470f-b6a1-653656f3dc0c + - 18906e1f-1921-4168-a83e-24efcad866f8 Atl-Traceid: - - 732555194bf9470fb6a1653656f3dc0c + - 18906e1f19214168a83e24efcad866f8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3029,7 +3050,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:04 GMT + - Sat, 24 May 2025 10:34:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
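Review bot: The re-recorded response body on the new side of this hunk embeds a real Atlassian `accountId`, `emailAddress` and `displayName` in both `creator` and `reporter`, and the same account id appears in the `X-Aaccountid` response header a few lines further on; the recording at `@@ -3281,14 +3306,14 @@` repeats all of it. Nothing in the recorded interaction suggests the test depends on these values (inferred, as the test code is not part of this diff), so they could be swapped for constructed placeholders at record time, for example in a `before_record_response` hook if these cassettes are produced with vcrpy. Scrubbing in the recording setup rather than by hand keeps personal identifiers and tenant-specific ids out of the repository each time the cassette is regenerated. The file is generated output, so the change belongs in the VCR configuration, not in this fixture.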
@@ -3039,7 +3060,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="vFA3gfuw6Zr-_KroMQ5KEmep0lmCattOdtjkH7exFtv39n6y0bYobQ==",cdn-downstream-fbl;dur=354,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=351,atl-edge;dur=277,atl-edge-internal;dur=19,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=209,atl-edge-internal;dur=17,atl-edge-upstream;dur=192,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GUrbk3yVC1UqFQlmsdcJKL3qbyiSSQ-lm-LZda4KIByulbi-krgD4A==",cdn-downstream-fbl;dur=220 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3049,15 +3070,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8913ce09707cf3a865704b4fbd2875de.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vFA3gfuw6Zr-_KroMQ5KEmep0lmCattOdtjkH7exFtv39n6y0bYobQ== + - GUrbk3yVC1UqFQlmsdcJKL3qbyiSSQ-lm-LZda4KIByulbi-krgD4A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4d9edb669a32849b70e0253307d95109 + - 75e1025ea8412e802618eb281ac387b9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3095,9 +3116,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 32f79301-afa6-47da-9c3e-925527eb3c3c + - 37955262-d8a8-4a5c-8775-a6183c197e9f Atl-Traceid: - - 32f79301afa647da9c3e925527eb3c3c + - 37955262d8a84a5c8775a6183c197e9f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3107,7 +3128,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:05 GMT + - Sat, 24 May 2025 10:34:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3117,7 +3138,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="noDRAKAb6UkLXzUhEBs9cDhw8ACrHX5WSl8qQxmNmUjCFcbztu-bWQ==",cdn-downstream-fbl;dur=306 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="NiqnxgxIUt3YvfRJClc5HLdSNuyQnaUwnnkUSQuFZJgN8TdWNxuqpA==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3127,18 +3148,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - noDRAKAb6UkLXzUhEBs9cDhw8ACrHX5WSl8qQxmNmUjCFcbztu-bWQ== + - NiqnxgxIUt3YvfRJClc5HLdSNuyQnaUwnnkUSQuFZJgN8TdWNxuqpA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c84562387471e565c041a9848a1afd53 + - f83b81c3e6250013b6374677d1cb55a9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3152,16 +3173,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/939] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293]\n*Defect - Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]\n*Defect + Dojo link:* http://localhost:8080/finding/328 (328)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -3169,7 +3192,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -3180,21 +3203,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1929' + - '2153' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18235 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19679 response: body: string: '' headers: Atl-Request-Id: - - 6d7f7f87-332b-4e6e-88ec-226e24e26c1e + - 22a21426-0ef2-4891-bab4-50bc75cd9232 Atl-Traceid: - - 6d7f7f87332b4e6e88ec226e24e26c1e + - 22a214260ef24891bab450bc75cd9232 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3202,7 +3225,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:05 GMT + - Sat, 24 May 2025 10:34:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3212,7 +3235,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=279,atl-edge-internal;dur=14,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="b42TCaGpn7NbvsYqMLzAsSIgIpri87vIeshtZam4knGlaPfSW8Vl9A==",cdn-downstream-fbl;dur=317 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=293,atl-edge;dur=285,atl-edge-internal;dur=18,atl-edge-upstream;dur=268,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="EwmqskuAta54x_MKzJTWeib9-vZOz6G5mC6UZB0MVHWdZhlTz44QpA==",cdn-downstream-fbl;dur=297 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3220,15 +3243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - b42TCaGpn7NbvsYqMLzAsSIgIpri87vIeshtZam4knGlaPfSW8Vl9A== + - EwmqskuAta54x_MKzJTWeib9-vZOz6G5mC6UZB0MVHWdZhlTz44QpA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3fb186fda874ec6597076de9262ff1ed + - 1d06078063fcc482253129f5c3ec8d03 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3254,25 +3277,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18235 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19679 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18235","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235","key":"NTEST-1870","fields":{"statuscategorychangedate":"2025-04-30T18:26:57.815+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19679","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679","key":"NTEST-3007","fields":{"statuscategorychangedate":"2025-05-24T12:34:08.406+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:26:57.491+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t5z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:26:57.583+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:08.076+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:08.149+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/12] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/939] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/111]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/293]\n*Defect - Dojo link:* http://localhost:8080/finding/293 (293)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/118]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/328]\n*Defect + Dojo link:* http://localhost:8080/finding/328 (328)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -3281,14 +3306,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1870/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18235/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3007/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19679/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 0e42fe7b-2544-49fd-97a6-de68b62dde04 + - 6a94ba78-5a14-4da0-be0f-815eb7ff58c6 Atl-Traceid: - - 0e42fe7b254449fd97a6de68b62dde04 + - 6a94ba785a144da0be0f815eb7ff58c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3298,7 +3323,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:06 GMT + - Sat, 24 May 2025 10:34:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3308,7 +3333,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=375,atl-edge;dur=246,atl-edge-internal;dur=17,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qd378KNUsowzi21eFfytwGwk5PyeiYfER9U3SOODCDcmxLRNY9LMNA==",cdn-downstream-fbl;dur=378 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=229,atl-edge;dur=221,atl-edge-internal;dur=16,atl-edge-upstream;dur=205,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rkvGh_xA4NYsvW94GSCn3YKxI5HT92-OnR3eXOuNg4j7ofCeHpKk6Q==",cdn-downstream-fbl;dur=233 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3318,15 +3343,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qd378KNUsowzi21eFfytwGwk5PyeiYfER9U3SOODCDcmxLRNY9LMNA== + - rkvGh_xA4NYsvW94GSCn3YKxI5HT92-OnR3eXOuNg4j7ofCeHpKk6Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9448b52adfc133e8a25e5122aa5c7a35 + - 71e84ec39141b7fcbe1d613a4e75ce05 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3337,34 +3362,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 111, "url_ui": "http://localhost:8080/test/111", "url_api": "http://localhost:8080/api/v2/tests/111/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 290, "title": "Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/290", - "url_api": "http://localhost:8080/api/v2/findings/290/"}, {"id": 291, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/291", "url_api": "http://localhost:8080/api/v2/findings/291/"}, - {"id": 292, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/292", - "url_api": "http://localhost:8080/api/v2/findings/292/"}, {"id": 293, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": "High", 
- "url_ui": "http://localhost:8080/finding/293", "url_api": "http://localhost:8080/api/v2/findings/293/"}, - {"id": 294, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/294", - "url_api": "http://localhost:8080/api/v2/findings/294/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -3375,11 +3373,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2378' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
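Review bot: The recorded webhook request for `X-DefectDojo-Event: scan_added_empty` now has the body `'"scan_added.tpl"'`, where the previous recording carried the full notification JSON with product, engagement, test and findings. The following hunks agree with it: `Content-Length` drops to `'16'` and the echoed response shows `"json": "scan_added.tpl"`. That reads as if the template name was serialised in place of the rendered payload. It may be an artefact of how the test patches template rendering, which cannot be seen from this cassette. If it is not intended, the webhook payload construction should be checked before this recording is committed, because the cassette would otherwise pin the reduced body as the expected request.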
@@ -3391,95 +3389,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:56618\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: NPM Audit Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 111, \\\"url_ui\\\": \\\"http://localhost:8080/test/111\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/111/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 290, \\\"title\\\": \\\"Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/290\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/290/\\\"}, {\\\"id\\\": 291, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/291\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/291/\\\"}, {\\\"id\\\": - 292, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/292\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/292/\\\"}, {\\\"id\\\": 293, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/293\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/293/\\\"}, {\\\"id\\\": 294, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 - < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= - 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/294\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/294/\\\"}]}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added_empty has occurred.\",\n \"engagement\": {\n 
\"id\": 1,\n - \ \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 290,\n \"severity\": - \"High\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/290/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/290\"\n },\n - \ {\n \"id\": 291,\n \"severity\": \"High\",\n \"title\": - \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/291/\",\n \"url_ui\": \"http://localhost:8080/finding/291\"\n - \ },\n {\n \"id\": 292,\n \"severity\": \"High\",\n - \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < - 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= - 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/292/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/292\"\n },\n - \ {\n \"id\": 293,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/293/\",\n \"url_ui\": \"http://localhost:8080/finding/293\"\n - \ },\n {\n \"id\": 294,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/294/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/294\"\n }\n ]\n - \ },\n \"product\": {\n \"id\": 2,\n \"name\": 
\"Security How-to\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": - \"http://localhost:8080/product/2\"\n },\n \"product_type\": {\n \"id\": - 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 111,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n - \ \"url_ui\": \"http://localhost:8080/test/111\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/111/\",\n - \ \"url_ui\": \"http://localhost:8080/test/111\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:53158\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:06 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:34:13 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml index ad7e2e4b171..8f7b26a5b51 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_push_to_jira_is_false_but_push_all_issues.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:06.657+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:14.525+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - baf70614-ea69-421f-8324-762c0ba29a32 + - fd2a180c-ece3-4812-8cc1-9d44c0aa08d7 Atl-Traceid: - - baf70614ea69421f8324762c0ba29a32 + - fd2a180cece348128cc19d44c0aa08d7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:06 GMT + - Sat, 24 May 2025 10:34:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=188,atl-edge;dur=156,atl-edge-internal;dur=13,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="f-flpPnlZmIKk_MdmRk7hNATPsqYclRDdofqXnEBYqfzKb-j2yWTSQ==",cdn-downstream-fbl;dur=192 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=100,atl-edge-internal;dur=15,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="d6xycZZPPiqXLXorDEXd_h0O7HZXNrGkh87pfFsg7Y2G282aCVOdFA==",cdn-downstream-fbl;dur=111 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - f-flpPnlZmIKk_MdmRk7hNATPsqYclRDdofqXnEBYqfzKb-j2yWTSQ== + - d6xycZZPPiqXLXorDEXd_h0O7HZXNrGkh87pfFsg7Y2G282aCVOdFA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5c562bbd660ce496e321345612fdaa27 + - 00e7de7bc64d8c28bb9bcc14058ea281 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3ffee7ec-2a96-4922-bacf-eceda04f0689 + - 4842434d-71f2-463f-beb1-3cc8a43ecaf8 Atl-Traceid: - - 3ffee7ec2a964922bacfeceda04f0689 + - 4842434d71f2463fbeb13cc8a43ecaf8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:07 GMT + - Sat, 24 May 2025 10:34:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="F-9FIygu8hv1AjUuk43ABoOXCpzU_Tn9t2UAwDj96oEeXuqCwjvVIA==",cdn-downstream-fbl;dur=357,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=355,atl-edge;dur=281,atl-edge-internal;dur=19,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=224,atl-edge-internal;dur=16,atl-edge-upstream;dur=208,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jMX5Fx4KHQtqspmwJlTZqz-qs8KGR67rXTSJ7Lk6m6vbIa1T1i-o9A==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6bddabf0adf0131ec8169647c939d30c.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - F-9FIygu8hv1AjUuk43ABoOXCpzU_Tn9t2UAwDj96oEeXuqCwjvVIA== + - jMX5Fx4KHQtqspmwJlTZqz-qs8KGR67rXTSJ7Lk6m6vbIa1T1i-o9A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - a9ff00c7c1dc580dc9c1301dd793958a + - aeb90a79ac309f112a90c878ea1891a8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3334' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18237","key":"NTEST-1871","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237"}' + string: '{"id":"19680","key":"NTEST-3008","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680"}' headers: Atl-Request-Id: - - 5787c8b9-9028-4adb-9b55-ba75f49fc947 + - 0754f1c6-1a7f-4931-aa2d-f57f55615d24 Atl-Traceid: - - 5787c8b990284adb9b55ba75f49fc947 + - 0754f1c61a7f4931aa2df57f55615d24 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:08 GMT + - Sat, 24 May 2025 10:34:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="5x79LKruCJTUqCGJsndSFYpU0pUOloo90YDv_L5AoW9SM9m4RLz6Iw==",cdn-downstream-fbl;dur=753,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=751,atl-edge;dur=670,atl-edge-internal;dur=15,atl-edge-upstream;dur=655,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=765,atl-edge;dur=758,atl-edge-internal;dur=16,atl-edge-upstream;dur=741,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sJFIJ2xArcH4MZmq-ewgCgiTbu_nMSDlJ5Mdkv5lDPnwL8tTUSptEA==",cdn-downstream-fbl;dur=769 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 124fcc45b0cac625cd0077abe70a7c60.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 5x79LKruCJTUqCGJsndSFYpU0pUOloo90YDv_L5AoW9SM9m4RLz6Iw== + - sJFIJ2xArcH4MZmq-ewgCgiTbu_nMSDlJ5Mdkv5lDPnwL8tTUSptEA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - de725dfdf78f5df9cb09fcc10c45e7f8 + - febd8be5df1d561d62751ee7c789df51 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - baaa5cda-f495-4607-bb72-ca88a33694ff + - bb6c33a0-a10b-4515-8052-5307a4160f8f Atl-Traceid: - - baaa5cdaf4954607bb72ca88a33694ff + - bb6c33a0a10b451580525307a4160f8f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:08 GMT + - Sat, 24 May 2025 10:34:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
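Review bot: The re-recorded response body in this hunk commits a real account identity into the fixture: `"emailAddress":"valentijn@defectdojo.com"` and the Atlassian `accountId` appear under both `creator` and `reporter`, and the same account id is repeated in the `X-Aaccountid` response header. The second recorded GET of the same issue (hunk `-433,14 +436,14`) and the header hunks that follow carry the same values. Nothing visible here suggests the tests assert on these fields, so they could be replaced with placeholders at record time instead of being re-committed on every re-record. If this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook that rewrites `emailAddress`/`accountId` in the body and drops `X-Aaccountid` would cover it; `filter_headers` alone is not enough because it only applies to request headers. It is also worth confirming that the request sections outside this hunk record no `Authorization` or cookie header.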
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="RL9FYT8Tucz6Ki641TW5_7iEfztNfKkwcOzU7jYJwf4d3JnfOsKIsQ==",cdn-downstream-fbl;dur=332,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=330,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=224,atl-edge-internal;dur=14,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="awpeBaQR07_-1vXcuTQOCJmbTdRA3Q-a_EsytMurKMQD8AhM4J3bfg==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9b5b156d64ffeaa3e7df806f8b45cd5c.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RL9FYT8Tucz6Ki641TW5_7iEfztNfKkwcOzU7jYJwf4d3JnfOsKIsQ== + - awpeBaQR07_-1vXcuTQOCJmbTdRA3Q-a_EsytMurKMQD8AhM4J3bfg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 23db20188537a63454e0ac1a27ecb532 + - c72f02d3de892e13fa5bbebb23bb9212 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 50cf6bd7-8731-4509-8edd-75feb5046727 + - 4b4a730c-9e75-4a7b-a965-e441097000d0 Atl-Traceid: - - 50cf6bd7873145098edd75feb5046727 + - 4b4a730c9e754a7ba965e441097000d0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:08 GMT + - Sat, 24 May 2025 10:34:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=250,atl-edge-internal;dur=16,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="J4_RJa6NATJvTb0clXQ-ldbqeckMxfWo1jeevqe1CXf7tQ5YKQ4mGQ==",cdn-downstream-fbl;dur=288 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=236,atl-edge;dur=229,atl-edge-internal;dur=18,atl-edge-upstream;dur=211,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A_A3kyf563kW6qbShsixroUnHJtGl-ol5g4OxByM9WTo914kFmo4Ww==",cdn-downstream-fbl;dur=239 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - J4_RJa6NATJvTb0clXQ-ldbqeckMxfWo1jeevqe1CXf7tQ5YKQ4mGQ== + - A_A3kyf563kW6qbShsixroUnHJtGl-ol5g4OxByM9WTo914kFmo4Ww== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - df80d564afd75418aa52dc7dd9a73d72 + - e07f43caa888b9dff9365e31c15df53b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:09.302+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:16.593+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ae5a8208-76e6-4fbb-a4e8-ac21901c9d51 + - 2e08ca39-220a-4378-a0c6-d6f965e3729c Atl-Traceid: - - ae5a820876e64fbba4e8ac21901c9d51 + - 2e08ca39220a4378a0c6d6f965e3729c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:09 GMT + - Sat, 24 May 2025 10:34:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=201,atl-edge;dur=169,atl-edge-internal;dur=14,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="wNVtZufip32hTKNBSIUfKiNk1VVmJJcwL2xGRONPeWquWIUAQODU1A==",cdn-downstream-fbl;dur=205 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=15,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hUpA_cuLgQZ8MYFm7krIptx6i8BGr0RN_Ivk9q1kXgFrxPBquDDyXg==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wNVtZufip32hTKNBSIUfKiNk1VVmJJcwL2xGRONPeWquWIUAQODU1A== + - hUpA_cuLgQZ8MYFm7krIptx6i8BGr0RN_Ivk9q1kXgFrxPBquDDyXg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b6fc35966d4bea320f56efb9e9e5a668 + - 838f9ed96a18bbd635566743ddba7f77 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 2b0a5e53-9c72-49de-a765-c52d05eee9c9 + - 4d551eb7-1b73-4752-b741-3b878bf9fa29 Atl-Traceid: - - 2b0a5e539c7249dea765c52d05eee9c9 + - 4d551eb71b734752b7413b878bf9fa29 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:09 GMT + - Sat, 24 May 2025 10:34:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=280,atl-edge-internal;dur=14,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="pHSRmE3QD0PJu30mMjUR16AXMcW6fXzMrmy4-4aCMCeTIVfU7EHd-g==",cdn-downstream-fbl;dur=316 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=253,atl-edge;dur=246,atl-edge-internal;dur=18,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iIpeO_-cLK51MrFXla4G8zhwo6Kcoe9JMNZVMs36DnrVWzqhg7-tBQ==",cdn-downstream-fbl;dur=257 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - pHSRmE3QD0PJu30mMjUR16AXMcW6fXzMrmy4-4aCMCeTIVfU7EHd-g== + - iIpeO_-cLK51MrFXla4G8zhwo6Kcoe9JMNZVMs36DnrVWzqhg7-tBQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c5a3b4d30796c4610f812b34602e2e00 + - 76fb9d6256623f2ee8edfad62c5e136e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,30 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -691,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* http://localhost:8080/finding/297 - (297)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect Dojo link:* http://localhost:8080/finding/334 + (334)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -722,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -734,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6804' + - '6981' Content-Type: - application/json User-Agent: @@ -743,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18239","key":"NTEST-1872","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239"}' + string: '{"id":"19681","key":"NTEST-3009","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681"}' headers: Atl-Request-Id: - - bf96c8d7-b500-4623-8987-0cad5e00d0b2 + - efd9b65a-1332-43cd-b993-3147974ab4d0 Atl-Traceid: - - bf96c8d7b500462389870cad5e00d0b2 + - efd9b65a133243cdb9933147974ab4d0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -756,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:10 GMT + - Sat, 24 May 2025 10:34:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -766,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="-AbmJU8YaGI-UW1G6BFG5WA2xKOUs84_fpDq5pEw-aDcZjYpY5Pd2A==",cdn-downstream-fbl;dur=855,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=852,atl-edge;dur=767,atl-edge-internal;dur=17,atl-edge-upstream;dur=750,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=778,atl-edge;dur=770,atl-edge-internal;dur=14,atl-edge-upstream;dur=756,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HeIl8MV567Rt4hVfT7Wb6HFXGoUVUgtVw4Wb-Op3gp0jjTOqCgsNAg==",cdn-downstream-fbl;dur=782 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -776,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -AbmJU8YaGI-UW1G6BFG5WA2xKOUs84_fpDq5pEw-aDcZjYpY5Pd2A== + - HeIl8MV567Rt4hVfT7Wb6HFXGoUVUgtVw4Wb-Op3gp0jjTOqCgsNAg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 325fec219066c1d61b6c13e802cd7437 + - 7eb0a2bc748fd3654e6ed1a73c8d4278 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -810,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -865,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -897,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e3502de0-168a-475f-baef-922fcf0068c6 + - 7e076a75-f250-46c8-b3ab-1c3789d96c01 Atl-Traceid: - - e3502de0168a475fbaef922fcf0068c6 + - 7e076a75f25046c8b3ab1c3789d96c01 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -916,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:11 GMT + - Sat, 24 May 2025 10:34:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
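Review bot: The re-recorded response body in this hunk commits the recording user's personal data to the repository: the `creator` and `reporter` objects carry a real `emailAddress`, `accountId`, `displayName` and Gravatar avatar URLs whose hash is derived from that address. The same account id is also stored in the `X-Aaccountid` response header in the hunks at -620, -776 and -936. The cassette looks like a vcrpy recording, and the recording setup is not visible here, so this is hedged: if it is, a `before_record_response` hook could replace those JSON fields and drop or blank `X-Aaccountid` before anything is written to disk, so future re-recordings do not depend on whoever ran them. A placeholder such as `"emailAddress":"jira-test-user@example.invalid"` (constructed value) would keep the fixture usable, assuming the tests do not assert on the creator's identity.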
@@ -926,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="4DfM-yIjn8hOB1oRFiLZSwOqyhW9ulPcpGiA3T0HOlpo7uVJ7vRTsA==",cdn-downstream-fbl;dur=306,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=304,atl-edge;dur=282,atl-edge-internal;dur=17,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=250,atl-edge;dur=242,atl-edge-internal;dur=16,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Y2Q_tWPeOyQ8VT86CRIF50jtmesfeC5b78urFGd-HmwUIzvl5GxGuw==",cdn-downstream-fbl;dur=253 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -936,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 72fcd81c14e3eb0facf41fedad65e9e4.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4DfM-yIjn8hOB1oRFiLZSwOqyhW9ulPcpGiA3T0HOlpo7uVJ7vRTsA== + - Y2Q_tWPeOyQ8VT86CRIF50jtmesfeC5b78urFGd-HmwUIzvl5GxGuw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - f24b00bd672319fd5cfcb0ec4e506860 + - 05a0993e2fde2f50f331479fc75091dc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -970,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1025,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1057,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 51855ece-df0e-4a9f-9684-bdfead3ea68d + - 04649497-6dde-4ed2-ba07-226bf04e72cd Atl-Traceid: - - 51855ecedf0e4a9f9684bdfead3ea68d + - 046494976dde4ed2ba07226bf04e72cd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1076,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:11 GMT + - Sat, 24 May 2025 10:34:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
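Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`. The `X-Aaccountid` response header in the neighbouring header hunks repeats the same account id for every interaction. The removed lines show the previous recording carried the same fields for a different user, so each re-record publishes whoever ran the tests. Assuming these cassettes are recorded with vcrpy (the requests come from `python-requests`), a `before_record_response` hook could rewrite these fields to constructed placeholders such as `"emailAddress":"jira-test@example.invalid"` and drop `X-Aaccountid` before the cassette is written. The interaction containing this body starts before the hunk, so confirm that the tests do not assert on these values before scrubbing them.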
@@ -1086,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=307,atl-edge;dur=274,atl-edge-internal;dur=15,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="aATX_Rkd3p_8i97X0oZshfSjGSy6KHZIDfWmKAtWMuqkmUfgthLZzA==",cdn-downstream-fbl;dur=311 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=254,atl-edge;dur=247,atl-edge-internal;dur=16,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="srCvcsURmNNNcRPn5ZnDNsGe3ImrtZFN5B2IaStwZ_W3haIzCVcf4g==",cdn-downstream-fbl;dur=258 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1096,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - aATX_Rkd3p_8i97X0oZshfSjGSy6KHZIDfWmKAtWMuqkmUfgthLZzA== + - srCvcsURmNNNcRPn5ZnDNsGe3ImrtZFN5B2IaStwZ_W3haIzCVcf4g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9058453bcbaee95f842397c45a72f91e + - c98d017baaaa0bda8af1ef77dc49f67e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1133,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:12.019+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:18.680+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 3d58a454-1bc5-4d2b-9f77-1a3c1e5ca7fa + - cf76464e-650b-432d-a15c-3863ad7f16c2 Atl-Traceid: - - 3d58a4541bc54d2b9f771a3c1e5ca7fa + - cf76464e650b432da15c3863ad7f16c2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1148,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:12 GMT + - Sat, 24 May 2025 10:34:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1158,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=172,atl-edge;dur=140,atl-edge-internal;dur=11,atl-edge-upstream;dur=129,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ZArIC5qamMsF3aoibNFepG1xaGPJrKc--xUJ-1PU4KaMsAoYmTgjLg==",cdn-downstream-fbl;dur=176 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=113,atl-edge;dur=105,atl-edge-internal;dur=16,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="d7b7dtaldvoi89R7_1QcLfi1sXlcDxHbwXAniiQZIazqQ7Bt7jJMFA==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1168,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZArIC5qamMsF3aoibNFepG1xaGPJrKc--xUJ-1PU4KaMsAoYmTgjLg== + - d7b7dtaldvoi89R7_1QcLfi1sXlcDxHbwXAniiQZIazqQ7Bt7jJMFA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5f687ccefbc626e6e1ea953f6c9bde34 + - 102dd389f4b48191ccee7d70f7e592a3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1214,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e595053c-b189-4782-9308-10a016fd46ee + - 92497721-3601-4757-b662-991ae220795c Atl-Traceid: - - e595053cb1894782930810a016fd46ee + - 9249772136014757b662991ae220795c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1226,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:12 GMT + - Sat, 24 May 2025 10:34:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1236,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=290,atl-edge-internal;dur=17,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="I-2Jq2Jkp3MAa3ooel-DwmFt5pXvEU0_vdJL4VVxIgOdNBZnwrWa4A==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=294,atl-edge;dur=286,atl-edge-internal;dur=16,atl-edge-upstream;dur=271,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tZm7fnnNHBwURANHC9vbtUvQ0NnbYVzMilFIpgmErSq2SEJql4-xWA==",cdn-downstream-fbl;dur=298 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1246,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - I-2Jq2Jkp3MAa3ooel-DwmFt5pXvEU0_vdJL4VVxIgOdNBZnwrWa4A== + - tZm7fnnNHBwURANHC9vbtUvQ0NnbYVzMilFIpgmErSq2SEJql4-xWA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 59557da26c3c21ec75d3f92fbe2cb409 + - 220c6961a13207e955279a4852e6a083 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1271,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1288,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1299,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1945' + - '2139' Content-Type: - application/json User-Agent: @@ -1308,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18241","key":"NTEST-1873","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241"}' + string: '{"id":"19682","key":"NTEST-3010","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682"}' headers: Atl-Request-Id: - - 2fa8d22e-31fb-4393-a07b-f062358e19dc + - 36fc3ca4-627b-4514-87af-6e315f7ecd94 Atl-Traceid: - - 2fa8d22e31fb4393a07bf062358e19dc + - 36fc3ca4627b451487af6e315f7ecd94 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1321,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:13 GMT + - Sat, 24 May 2025 10:34:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1331,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="27lhmFKSvlzeZ6FxZxE_ojQEDV-IUkcShGkta0w8mLcr-uWwrJvbww==",cdn-downstream-fbl;dur=791,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=70,cdn-upstream-fbl;dur=789,atl-edge;dur=695,atl-edge-internal;dur=16,atl-edge-upstream;dur=679,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=718,atl-edge;dur=710,atl-edge-internal;dur=18,atl-edge-upstream;dur=692,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="e5jzOaIlGrdBdcU73vUfYj4CWjl48JRpvCASag1bQYfTyI1b0Aw2WA==",cdn-downstream-fbl;dur=723 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1341,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 87d6d7b4889aec5ce2bf57d717a99d3c.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 27lhmFKSvlzeZ6FxZxE_ojQEDV-IUkcShGkta0w8mLcr-uWwrJvbww== + - e5jzOaIlGrdBdcU73vUfYj4CWjl48JRpvCASag1bQYfTyI1b0Aw2WA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 9f6ef5c36c4fc8e94ddbaaf3a54f775b + - d90ff33b0696c6726a08bb005743409a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1375,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18241","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241","key":"NTEST-1873","fields":{"statuscategorychangedate":"2025-04-30T18:27:13.285+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19682","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682","key":"NTEST-3010","fields":{"statuscategorychangedate":"2025-05-24T12:34:19.825+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:12.994+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:13.082+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:19.481+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:19.578+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1402,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 15a3f501-d393-4dc3-bda1-0e6181bf5425 + - 7db5e839-8cfa-4065-94b2-bd3534b5f0cd Atl-Traceid: - - 15a3f501d3934dc3bda10e6181bf5425 + - 7db5e8398cfa406594b2bd3534b5f0cd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1419,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:13 GMT + - Sat, 24 May 2025 10:34:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
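Review bot: The re-recorded response body in this hunk stores the recording user's real Jira `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects. The same applies to `@@ -1500,14 +1512,14 @@`, and the account id is also written into the `X-Aaccountid` header in `@@ -1341,15 +1349,15 @@`, `@@ -1439,15 +1449,15 @@` and `@@ -1537,15 +1549,15 @@`. The echoed webhook request further down shows `Token xxx`, so request credentials appear to be scrubbed, but response bodies and headers apparently are not; the recorder configuration is outside this view, so this is inferred. If these cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites those fields to fixed placeholders (for example `"emailAddress":"user@example.invalid"`) and drops `X-Aaccountid` would keep personal identifiers out of the repository. It would also stop every re-recording from churning these lines.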
@@ -1429,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="E0Bp2n8Lj_mWfw3j__Ud8yqrihLS38N1VTUn1N318Hk8sXzidzAlnw==",cdn-downstream-fbl;dur=409,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=96,cdn-upstream-fbl;dur=406,atl-edge;dur=277,atl-edge-internal;dur=16,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=228,atl-edge-internal;dur=16,atl-edge-upstream;dur=212,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zlEGkA5Qs2rSusheDsvF_kkxGGzJ7E79JpRtWvBk2UTOj7qt7z4iKg==",cdn-downstream-fbl;dur=238 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1439,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - E0Bp2n8Lj_mWfw3j__Ud8yqrihLS38N1VTUn1N318Hk8sXzidzAlnw== + - zlEGkA5Qs2rSusheDsvF_kkxGGzJ7E79JpRtWvBk2UTOj7qt7z4iKg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8f50900a67b41e788eaae12b968ea417 + - e8cdbb5592ac08a9868fc6adcab1d4a4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1473,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18241 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19682 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18241","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241","key":"NTEST-1873","fields":{"statuscategorychangedate":"2025-04-30T18:27:13.285+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19682","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682","key":"NTEST-3010","fields":{"statuscategorychangedate":"2025-05-24T12:34:19.825+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:12.994+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:13.082+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:19.481+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:19.578+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1500,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - b561eebf-c920-4660-9a78-c25abf35b855 + - 635a2fce-cd7c-44c2-854d-c54021142d7a Atl-Traceid: - - b561eebfc92046609a78c25abf35b855 + - 635a2fcecd7c44c2854dc54021142d7a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1517,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:14 GMT + - Sat, 24 May 2025 10:34:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1527,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="w8wY7HZvCJfs21GjZvzMsi2TC5qafGFKFyUk9MwXtPdkK3pLSRYuxQ==",cdn-downstream-fbl;dur=352,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=349,atl-edge;dur=276,atl-edge-internal;dur=16,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=231,atl-edge-internal;dur=16,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Xd7rkkArLCYaYHEz4HTjVEiMxP4OyV_GIapl0wwzJCAtJoPshGGvCQ==",cdn-downstream-fbl;dur=244 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1537,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9a3eef6ee6df44793fb3d5e366a7238.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - w8wY7HZvCJfs21GjZvzMsi2TC5qafGFKFyUk9MwXtPdkK3pLSRYuxQ== + - Xd7rkkArLCYaYHEz4HTjVEiMxP4OyV_GIapl0wwzJCAtJoPshGGvCQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 263bd2f59d960d466cf5fc92410bbe78 + - e37482e13e7c3e47e072b3356552e2dc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1558,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/", + "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 112, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/"}}' + 119, "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/"}}' headers: Accept: - application/json @@ -1580,7 +1592,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1594,22 +1606,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:59800\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:49760\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/112/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/119/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 112, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 119, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/119/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1619,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 112,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n - \ \"url_ui\": \"http://localhost:8080/test/112\"\n },\n \"title\": + 119,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n + \ \"url_ui\": \"http://localhost:8080/test/119\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n \"url_ui\": - \"http://localhost:8080/test/112\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n \"url_ui\": + \"http://localhost:8080/test/119\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1632,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:14 GMT + - Sat, 24 May 2025 10:34:19 GMT Transfer-Encoding: - chunked status: 
@@ -1641,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/", + null, "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 112, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/"}, - "finding_count": 5, "findings": {"new": [{"id": 295, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/295", - "url_api": "http://localhost:8080/api/v2/findings/295/"}, {"id": 296, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/296", "url_api": "http://localhost:8080/api/v2/findings/296/"}, - {"id": 297, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/297", - "url_api": "http://localhost:8080/api/v2/findings/297/"}, {"id": 298, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/298", "url_api": "http://localhost:8080/api/v2/findings/298/"}, - {"id": 299, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/299", - "url_api": "http://localhost:8080/api/v2/findings/299/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 119, "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/"}, + "finding_count": 5, "findings": {"new": [{"id": 331, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/331", + "url_api": "http://localhost:8080/api/v2/findings/331/"}, {"id": 332, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/332", "url_api": + "http://localhost:8080/api/v2/findings/332/"}, {"id": 330, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/330", "url_api": "http://localhost:8080/api/v2/findings/330/"}, + {"id": 333, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/333", "url_api": + "http://localhost:8080/api/v2/findings/333/"}, {"id": 334, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/334", "url_api": + "http://localhost:8080/api/v2/findings/334/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1677,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1693,84 +1706,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:59802\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:49770\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/119/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 112, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 295, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 119, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/119/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 331, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/295\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/295/\\\"}, {\\\"id\\\": 296, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/296\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/296/\\\"}, {\\\"id\\\": - 297, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/297\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/297/\\\"}, {\\\"id\\\": 298, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/298\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/298/\\\"}, {\\\"id\\\": 299, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/331\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/331/\\\"}, {\\\"id\\\": 332, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/299\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/299/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/332\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/332/\\\"}, + {\\\"id\\\": 330, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/330\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/330/\\\"}, + {\\\"id\\\": 333, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/333\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/333/\\\"}, + {\\\"id\\\": 334, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/334\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/334/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 295,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 331,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/331/\",\n \"url_ui\": \"http://localhost:8080/finding/331\"\n + \ },\n {\n \"id\": 332,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/332/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/332\"\n },\n + \ {\n \"id\": 330,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/295/\",\n \"url_ui\": \"http://localhost:8080/finding/295\"\n - \ },\n {\n \"id\": 296,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/296/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/296\"\n },\n - \ {\n \"id\": 297,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/297/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/297\"\n },\n - \ {\n \"id\": 298,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/298/\",\n \"url_ui\": \"http://localhost:8080/finding/298\"\n - \ },\n {\n \"id\": 299,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/299/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/299\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/330/\",\n \"url_ui\": \"http://localhost:8080/finding/330\"\n + \ },\n {\n \"id\": 333,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/333/\",\n \"url_ui\": + \"http://localhost:8080/finding/333\"\n },\n {\n \"id\": + 334,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/334/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/334\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 112,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n - \ \"url_ui\": \"http://localhost:8080/test/112\"\n },\n \"title\": + 119,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n + \ \"url_ui\": \"http://localhost:8080/test/119\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n - \ \"url_ui\": \"http://localhost:8080/test/112\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n + \ \"url_ui\": \"http://localhost:8080/test/119\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1780,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:14 GMT + - Sat, 24 May 2025 10:34:19 GMT Transfer-Encoding: - chunked status: 
@@ -1805,12 +1818,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:14.845+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:20.828+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 382c3606-5b0c-4b63-87ca-d94d703ab485 + - 6a09aed0-835e-4aa0-a99c-fbd046a9af5d Atl-Traceid: - - 382c36065b0c4b6387cad94d703ab485 + - 6a09aed0835e4aa0a99cfbd046a9af5d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1820,7 +1833,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:14 GMT + - Sat, 24 May 2025 10:34:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1830,7 +1843,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=236,atl-edge;dur=150,atl-edge-internal;dur=18,atl-edge-upstream;dur=132,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="IcJUDto9OkRn4-LosCwKtIQ8TYGsd7epzYM7yqX9PrbtYLUgMWPR9g==",cdn-downstream-fbl;dur=240 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="irJfEAhbTTHsGtVk6r9zk8NAwTmHGXS3wKTtBg-64xR-A74VoUpHLA==",cdn-downstream-fbl;dur=146,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=143,atl-edge;dur=111,atl-edge-internal;dur=15,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1840,15 +1853,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 87d6d7b4889aec5ce2bf57d717a99d3c.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IcJUDto9OkRn4-LosCwKtIQ8TYGsd7epzYM7yqX9PrbtYLUgMWPR9g== + - irJfEAhbTTHsGtVk6r9zk8NAwTmHGXS3wKTtBg-64xR-A74VoUpHLA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - c8986911d728c8386da25e3e958f57da + - 2203eb39c48e44b344779e778cf81019 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1874,28 +1887,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1905,9 +1919,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1917,14 +1931,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3cd06cc0-7589-46db-99ed-f0db827a22f5 + - c6e50b49-ca0b-4cae-972d-b41989b2f90b Atl-Traceid: - - 3cd06cc0758946db99edf0db827a22f5 + - c6e50b49ca0b4cae972db41989b2f90b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1934,7 +1948,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:15 GMT + - Sat, 24 May 2025 10:34:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
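Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId` and Gravatar avatar hash verbatim in both the `creator` and `reporter` objects. The same account id is repeated in the `X-Aaccountid` header lines of the later header hunks, and again in the body of the `pg:5.1.0` issue hunk. Since every re-recording ties the fixture to whoever ran it, these fields would be better normalised before the cassette is written, for example `"emailAddress":"jira-user@example.invalid"` and `"accountId":"<redacted>"`, with `X-Aaccountid` dropped from the stored response headers. If the test setup uses vcrpy, a `before_record_response` hook is the usual place for this; that configuration is not visible here, and it should be confirmed that no test asserts on these values. The cassette entry starts and ends outside this hunk, so request-side headers could not be checked from this view.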
@@ -1944,7 +1958,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=279,atl-edge-internal;dur=16,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="KNVBiwVNKuOUwuQ_rV0Y8sti0SE0SzCmPGUl9uqzxgDFpkN4T6v3GA==",cdn-downstream-fbl;dur=315 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=237,atl-edge;dur=229,atl-edge-internal;dur=16,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HjTop3NWhevnd2CyR_hJlfJRAY_NU_yk9IIzsSfCKzR3QxrtXlkeWA==",cdn-downstream-fbl;dur=240 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1954,15 +1968,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KNVBiwVNKuOUwuQ_rV0Y8sti0SE0SzCmPGUl9uqzxgDFpkN4T6v3GA== + - HjTop3NWhevnd2CyR_hJlfJRAY_NU_yk9IIzsSfCKzR3QxrtXlkeWA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 3df13d041090b39107dd85d005d49720 + - 77a0114cdda893246adc34b9a4e4eda4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1991,12 +2005,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:15.661+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:21.380+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 98d77342-ed77-484b-bd75-fddc1471ccbd + - ab568798-739d-497c-9adf-60b026ae4455 Atl-Traceid: - - 98d77342ed77484bbd75fddc1471ccbd + - ab568798739d497c9adf60b026ae4455 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2006,7 +2020,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:15 GMT + - Sat, 24 May 2025 10:34:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2016,7 +2030,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=193,atl-edge;dur=160,atl-edge-internal;dur=14,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qPYMjd-1ux8z75PiqbMXhVDbBuFmpO6BT9KsWTOoFz4wrXyT7ODBAA==",cdn-downstream-fbl;dur=198 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=165,atl-edge;dur=158,atl-edge-internal;dur=14,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GMkTX1_4JreD2N7ITRLBaQ6RT_X7hby4gb-xEEz66IH-IH6sT4NerQ==",cdn-downstream-fbl;dur=169 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2026,15 +2040,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qPYMjd-1ux8z75PiqbMXhVDbBuFmpO6BT9KsWTOoFz4wrXyT7ODBAA== + - GMkTX1_4JreD2N7ITRLBaQ6RT_X7hby4gb-xEEz66IH-IH6sT4NerQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 7d69d2d71205a901570fda2144c44746 + - 904523a28f5ee8421a6f5869336bd80b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2060,39 +2074,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -2115,16 +2130,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -2147,16 +2162,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - b3e34215-ec6b-4e40-9a66-063178074cf5 + - 4f739cc8-de09-4229-9937-cad234c0308e Atl-Traceid: - - b3e34215ec6b4e409a66063178074cf5 + - 4f739cc8de0942299937cad234c0308e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2166,7 +2181,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:16 GMT + - Sat, 24 May 2025 10:34:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2176,7 +2191,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="IER3DkjJ4ycT8laFtfE443lSrtS31H6Bs6TdREc5wx5vFeHvTExKhw==",cdn-downstream-fbl;dur=370,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=367,atl-edge;dur=281,atl-edge-internal;dur=20,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=242,atl-edge;dur=235,atl-edge-internal;dur=15,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rH8O2XAYpexfLs8cZEnxKHytOZ-G8-QoK1bwQ4528l1nhxfGRI0aDQ==",cdn-downstream-fbl;dur=246 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2186,15 +2201,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IER3DkjJ4ycT8laFtfE443lSrtS31H6Bs6TdREc5wx5vFeHvTExKhw== + - rH8O2XAYpexfLs8cZEnxKHytOZ-G8-QoK1bwQ4528l1nhxfGRI0aDQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 1882ee5d9b0c29a7df092a8c45bd6e87 + - 28f900d01c2b504ccd88f8044a91459d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2223,12 +2238,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:16.483+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:21.903+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 9b0312d4-900c-46c3-9f17-601183a97215 + - bec5033b-1e94-475c-8591-8f63cf732b97 Atl-Traceid: - - 9b0312d4900c46c39f17601183a97215 + - bec5033b1e94475c85918f63cf732b97 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2238,7 +2253,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:16 GMT + - Sat, 24 May 2025 10:34:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2248,7 +2263,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="XW8ZfMs8OOJW4BuIHUzZ6XZc5syuxAb_GlOSAtIxD1Yz6l-v5-zViw==",cdn-downstream-fbl;dur=229,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=227,atl-edge;dur=138,atl-edge-internal;dur=13,atl-edge-upstream;dur=125,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=109,atl-edge-internal;dur=15,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="KEzpOxdSY6jzj_orylebodzY9u1PaIKe3FeoP00HnJhDimaS0upRZQ==",cdn-downstream-fbl;dur=121 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2258,15 +2273,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c80d7d73c19744418338fdf12216d306.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - XW8ZfMs8OOJW4BuIHUzZ6XZc5syuxAb_GlOSAtIxD1Yz6l-v5-zViw== + - KEzpOxdSY6jzj_orylebodzY9u1PaIKe3FeoP00HnJhDimaS0upRZQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 467405bde6bb74b72e296e7f81dc7958 + - fcf694c025e31f024e074c311c7a4763 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2292,41 +2307,104 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18241 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18241","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241","key":"NTEST-1873","fields":{"statuscategorychangedate":"2025-04-30T18:27:13.285+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:12.994+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:13.082+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source - File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service - when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 6b286c97-9726-48ee-97c5-e892bf56fb0f + - 69a3b2b2-21c3-491d-9bad-c571c859a88b Atl-Traceid: - - 6b286c97972648ee97c5e892bf56fb0f + - 69a3b2b221c3491d9badc571c859a88b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2336,7 +2414,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:16 GMT + - Sat, 24 May 2025 10:34:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2346,7 +2424,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=250,atl-edge-internal;dur=16,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="hlI1DyJcBukiItVrqHMP8wGyQBK9TbYVC92lE2Vu5_YSyqanBqQLKQ==",cdn-downstream-fbl;dur=287 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=231,atl-edge-internal;dur=16,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ne60721vjJnFuiaqQELlFHMsWJj_hjbsgo7SV4jOPbSE33uGSMGkbg==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2356,15 +2434,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - hlI1DyJcBukiItVrqHMP8wGyQBK9TbYVC92lE2Vu5_YSyqanBqQLKQ== + - ne60721vjJnFuiaqQELlFHMsWJj_hjbsgo7SV4jOPbSE33uGSMGkbg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2453cbbf73f38771c1a25151c73a90c4 + - e1d1413e9428254bfbb025f62d538768 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2393,12 +2471,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:17.139+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:22.389+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 88b7f058-44c5-4647-a355-16126b8d464e + - d9922f17-27f6-43ba-b0ba-b08c0b2fc1c6 Atl-Traceid: - - 88b7f05844c54647a35516126b8d464e + - d9922f1727f643bab0bab08c0b2fc1c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2408,7 +2486,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:17 GMT + - Sat, 24 May 2025 10:34:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2418,7 +2496,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=186,atl-edge;dur=153,atl-edge-internal;dur=13,atl-edge-upstream;dur=141,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="k0waTFgVJWJuNYgtRHg1d7ufGZlDGGSD3TBLFxmquTC3K4k1ZL5BMA==",cdn-downstream-fbl;dur=189 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=102,atl-edge-internal;dur=15,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0rnRWi1YfXkzBcgtK_RL1jZXJ9h8SZI7Ej5DaBpv8n9aydfckOprNQ==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2428,15 +2506,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - k0waTFgVJWJuNYgtRHg1d7ufGZlDGGSD3TBLFxmquTC3K4k1ZL5BMA== + - 0rnRWi1YfXkzBcgtK_RL1jZXJ9h8SZI7Ej5DaBpv8n9aydfckOprNQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d9c5eabe4f49478c1dc921bb650f37a9 + - 8db64462e8a201c3e59f0e2bf0780436 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2462,57 +2540,43 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19682 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19682","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682","key":"NTEST-3010","fields":{"statuscategorychangedate":"2025-05-24T12:34:19.825+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:19.481+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:19.578+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] - \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2F
initials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
3b8476f9-278e-4841-8a22-29760e92603a + - 207d65f6-8c2a-4c5b-b520-c010e78de0fe Atl-Traceid: - - 3b8476f9278e48418a2229760e92603a + - 207d65f68c2a4c5bb520c010e78de0fe Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2522,7 +2586,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:17 GMT + - Sat, 24 May 2025 10:34:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2532,7 +2596,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=237,atl-edge-internal;dur=17,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="56L_LuHKqS3g61WDaIrM3LaiMXEfVjezYlAJfmnABWtyUIkDAFV5mg==",cdn-downstream-fbl;dur=274 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=228,atl-edge-internal;dur=15,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xv85aUlpI89PgfXWeCgu0FF83O1rFbflFtPqyKgXAJ1U54Yyf_z3nA==",cdn-downstream-fbl;dur=240 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2542,15 +2606,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 895116b5366f3f5264f7b6361d3fd564.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 56L_LuHKqS3g61WDaIrM3LaiMXEfVjezYlAJfmnABWtyUIkDAFV5mg== + - xv85aUlpI89PgfXWeCgu0FF83O1rFbflFtPqyKgXAJ1U54Yyf_z3nA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 88f65248912853bac5d8ebe3439a8b38 + - 38c77c7dd24e7c43e203bb9ad70497e0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
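Review bot: The new `X-Aaccountid` value on the `+` side of this hunk (and again in the `@@ -2614,15 +2678,15 @@` hunk) commits the recording user's Atlassian account id to the repository, and the recorded response bodies around it carry the same account's `accountId`, `emailAddress` and `displayName`. The previous recording did the same for a different account, so this looks like a gap in how the cassettes are recorded rather than something specific to this re-recording. If these are vcrpy cassettes, as the `interactions:` layout suggests, a `before_record_response` hook in the recorder configuration (not visible in this diff) could overwrite those values before they are written, for example `response["headers"]["X-Aaccountid"] = ["REDACTED"]` plus a replacement of the identity fields in the body string. It is worth confirming first that no test assertion depends on the real values.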
@@ -2579,12 +2643,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:17.943+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:22.915+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8e7cd073-2e82-4005-810e-d18303b60db4 + - 21942e0c-e518-43bb-b16f-0ba1ab451078 Atl-Traceid: - - 8e7cd0732e824005810ed18303b60db4 + - 21942e0ce51843bbb16f0ba1ab451078 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2594,7 +2658,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:17 GMT + - Sat, 24 May 2025 10:34:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2604,7 +2668,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=233,atl-edge;dur=160,atl-edge-internal;dur=14,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="BFWvDxDEvPh9sGnsFwCr_eyi077laEGV3dfBBhiZw0NxMAbqjjnNag==",cdn-downstream-fbl;dur=237 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=14,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wHepNzEGTa-bmbRPBDgX1i4K-149QZ8VfHlpiQEyM_dTNIQ6RE5E6A==",cdn-downstream-fbl;dur=120 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2614,15 +2678,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - BFWvDxDEvPh9sGnsFwCr_eyi077laEGV3dfBBhiZw0NxMAbqjjnNag== + - wHepNzEGTa-bmbRPBDgX1i4K-149QZ8VfHlpiQEyM_dTNIQ6RE5E6A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 0148bafb821dfec54187a9e6b8bfebf0 + - d992f4d958208011d0a4d64ad9692d1b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2648,103 +2712,58 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: 
Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. 
The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials
%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
0f728370-3b4e-411b-b532-e59c6ec7b071 + - a70e7d80-e4aa-4202-bd01-c2b3e9c03105 Atl-Traceid: - - 0f7283703b4e411bb532e59c6ec7b071 + - a70e7d80e4aa4202bd01c2b3e9c03105 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2754,7 +2773,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:18 GMT + - Sat, 24 May 2025 10:34:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2764,7 +2783,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=269,atl-edge;dur=236,atl-edge-internal;dur=23,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="QwZBFrhG_fo2pmdx-nbVzOrmOGbM2XX1wgZvDi3M3c5g9vBjJaKrEg==",cdn-downstream-fbl;dur=273 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=243,atl-edge;dur=234,atl-edge-internal;dur=17,atl-edge-upstream;dur=218,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GkdcapMxzXqEtPyVI9NzAZVQrV-_-WeApke4ngORLPfk7U6oiLoOaw==",cdn-downstream-fbl;dur=246 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2774,15 +2793,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QwZBFrhG_fo2pmdx-nbVzOrmOGbM2XX1wgZvDi3M3c5g9vBjJaKrEg== + - GkdcapMxzXqEtPyVI9NzAZVQrV-_-WeApke4ngORLPfk7U6oiLoOaw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c9c14e3a3372b643780f8b2934d12e89 + - 387912c255523d67ac1f71016108ae6c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
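Review bot: The re-recorded cassette still stores the recording account's identifiers unredacted: the `X-Aaccountid` response header in this hunk (`@@ -2774,15 +2793,15 @@`) and in the matching header hunks further down, plus the `emailAddress`, `accountId` and `displayName` fields of `creator`/`reporter` in the response bodies (e.g. `@@ -2923,14 +2943,14 @@`). These values belong to whoever re-records, so every re-record rewrites them and leaves a maintainer's e-mail address and Atlassian account id in the repository history. If this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook could replace those body fields and the `X-Aaccountid`, `X-Amz-Cf-Id` and `Atl-Traceid` headers with fixed placeholders, which keeps personal data out of the fixture and shrinks future diffs. `filter_headers` alone would not be enough, because it only scrubs request headers.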
@@ -2811,12 +2830,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:18.773+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:23.569+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 26e9a737-6ff4-4068-b159-66a459ba6c4f + - e111ebe7-9d14-4bc8-9c6f-160159a33b67 Atl-Traceid: - - 26e9a7376ff44068b15966a459ba6c4f + - e111ebe79d144bc89c6f160159a33b67 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2826,7 +2845,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:18 GMT + - Sat, 24 May 2025 10:34:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2836,7 +2855,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="7w_JXsRUOSRWVZwo0a9md1o-12wKYI-Jn4jzOyZnWgFF_G8jE-VgAA==",cdn-downstream-fbl;dur=264,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=73,cdn-upstream-fbl;dur=262,atl-edge;dur=163,atl-edge-internal;dur=15,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=103,atl-edge-internal;dur=16,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Ha9pnpQR-r5h0uA7eFJ1CrzgPdxOyWvhFns-oLy8Z-nIMDh-8-ZmEQ==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2846,15 +2865,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f82a4020c8fc9b14a403737c65661074.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 7w_JXsRUOSRWVZwo0a9md1o-12wKYI-Jn4jzOyZnWgFF_G8jE-VgAA== + - Ha9pnpQR-r5h0uA7eFJ1CrzgPdxOyWvhFns-oLy8Z-nIMDh-8-ZmEQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 823df7f5cdbfd608825aa35fcb96ee9c + - 9d7e42b13c39ed7b83ccd51c719d9033 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2880,28 +2899,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2911,9 +2931,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2923,14 +2943,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - b77beb98-6eb6-46a4-9168-7d5c2f0adb67 + - 636c35bd-77a9-4434-a114-5c40a12868f2 Atl-Traceid: - - b77beb986eb646a491687d5c2f0adb67 + - 636c35bd77a94434a1145c40a12868f2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2940,7 +2960,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:19 GMT + - Sat, 24 May 2025 10:34:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2950,7 +2970,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=353,atl-edge;dur=320,atl-edge-internal;dur=15,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="CpxIcnIddJ05q2ZdTlm0xaCTw8abcRunQC5ryzuEM9yB9hbb8St5kw==",cdn-downstream-fbl;dur=377 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=313,atl-edge-internal;dur=17,atl-edge-upstream;dur=296,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="eNUlDn0eYKFBs6VxOm9UMkhOQpUzJWEYomFX1jL-JXfp_S9cEdIAug==",cdn-downstream-fbl;dur=325 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2960,15 +2980,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - CpxIcnIddJ05q2ZdTlm0xaCTw8abcRunQC5ryzuEM9yB9hbb8St5kw== + - eNUlDn0eYKFBs6VxOm9UMkhOQpUzJWEYomFX1jL-JXfp_S9cEdIAug== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 260a5e105fa6a6223399c7268c8a5a83 + - 2f80e82bc2c7e640ff35e2c2d4b5ca53 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3006,9 +3026,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 02a06098-5469-45d9-ae8f-8cca5e810651 + - 8ffab282-8f24-42d3-a1bb-b3896a471bd0 Atl-Traceid: - - 02a06098546945d9ae8f8cca5e810651 + - 8ffab2828f2442d3a1bbb3896a471bd0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3018,7 +3038,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:19 GMT + - Sat, 24 May 2025 10:34:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3028,7 +3048,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="I4N5lnnND8e60zU36QmGTbRbhNiZ2OM_ks8_y6J9YmpDkwuzl6WhDQ==",cdn-downstream-fbl;dur=562,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=59,cdn-upstream-fbl;dur=559,atl-edge;dur=477,atl-edge-internal;dur=17,atl-edge-upstream;dur=458,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=281,atl-edge-internal;dur=18,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pVT06-0UlYmSTF-T_ZAxuILgqORryOupUSGZK3TqCdtHjV2zHMHUzg==",cdn-downstream-fbl;dur=292 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3038,18 +3058,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - I4N5lnnND8e60zU36QmGTbRbhNiZ2OM_ks8_y6J9YmpDkwuzl6WhDQ== + - pVT06-0UlYmSTF-T_ZAxuILgqORryOupUSGZK3TqCdtHjV2zHMHUzg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 49e72c2223cdd596591c510a666ded12 + - 56071ed56e1b06d3c3d97167216e8443 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3063,19 +3083,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3085,9 +3106,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3096,7 +3117,7 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -3107,21 +3128,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3318' + - '3525' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: string: '' headers: Atl-Request-Id: - - e30ad935-41e6-4596-8660-93b7fa467a7a + - 01d1e45f-ccab-437f-b746-1b46df03f5b7 Atl-Traceid: - - e30ad93541e64596866093b7fa467a7a + - 01d1e45fccab437fb7461b46df03f5b7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3129,7 +3150,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:20 GMT + - Sat, 24 May 2025 10:34:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3139,7 +3160,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="p2KD9DxP579KSVzRqYNU0MZbJpLQ-4d47uSgIIa-WBLKGwu14E9nPw==",cdn-downstream-fbl;dur=424,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=97,cdn-upstream-fbl;dur=421,atl-edge;dur=290,atl-edge-internal;dur=22,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=314,atl-edge;dur=306,atl-edge-internal;dur=15,atl-edge-upstream;dur=291,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="JCbTU_phsJVmownzIq9i-4BzCWhLnRjCOVeKedobTbVQAVlKt3ChkA==",cdn-downstream-fbl;dur=318 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3147,15 +3168,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - p2KD9DxP579KSVzRqYNU0MZbJpLQ-4d47uSgIIa-WBLKGwu14E9nPw== + - JCbTU_phsJVmownzIq9i-4BzCWhLnRjCOVeKedobTbVQAVlKt3ChkA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b65a3bcd8fa3767ea5b42bc63a051635 + - 6bea12c85508d301a6852952f3bfcc75 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3181,28 +3202,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3212,9 +3234,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3224,14 +3246,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d1433816-c868-41be-a2cf-93e40b170a4d + - 66b4a1cd-863f-4f62-8665-3eee5cdb131d Atl-Traceid: - - d1433816c86841bea2cf93e40b170a4d + - 66b4a1cd863f4f6286653eee5cdb131d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3241,7 +3263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:21 GMT + - Sat, 24 May 2025 10:34:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
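Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId` and Gravatar hash inside the `creator` and `reporter` objects, and the neighbouring header hunks repeat the same account id in `X-Aaccountid`. The old side had the same fields for a different account, so every re-record publishes whichever maintainer's Jira identity was used. Assuming these cassettes are recorded with vcrpy, a `before_record_response` hook could replace those JSON fields and the `X-Aaccountid` header with fixed placeholders before the cassette is written, which would also shrink future re-record diffs. The request headers visible here carry no credentials, but the full header list is outside these hunks, so it is worth confirming that `Authorization` is covered by `filter_headers`.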
@@ -3251,7 +3273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=282,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="uhmOPzWG-KH9yzfXFX8MXz-DktnAmhkuzkAupqHsklnqzxw2NU4_yQ==",cdn-downstream-fbl;dur=287 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=246,atl-edge;dur=238,atl-edge-internal;dur=16,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="RZS0GZwgr3gswOV_1Ng8XIPFn7aeFY0Z1kvF9_fzGyKY0Uc6sPGLYg==",cdn-downstream-fbl;dur=250 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3261,15 +3283,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 73e04d645babcbb9ee8f20cc865b009c.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - uhmOPzWG-KH9yzfXFX8MXz-DktnAmhkuzkAupqHsklnqzxw2NU4_yQ== + - RZS0GZwgr3gswOV_1Ng8XIPFn7aeFY0Z1kvF9_fzGyKY0Uc6sPGLYg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2af0cb7fc8819465cc64c3eb5b878cb6 + - 0d07bd73d2cad840c5b3d4124242d069 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3298,12 +3320,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:21.504+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:25.296+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8e30a877-ce63-4817-b008-00e98799dfde + - b10a23d8-3107-4e2c-8dbd-c7a98b5ce15a Atl-Traceid: - - 8e30a877ce634817b00800e98799dfde + - b10a23d831074e2c8dbdc7a98b5ce15a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3313,7 +3335,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:21 GMT + - Sat, 24 May 2025 10:34:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3323,7 +3345,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="-NFlI-maCVdtJOtCG1-vFpK1r9zEC5aWQoRs20ER8ExE7xhci0QAbQ==",cdn-downstream-fbl;dur=330,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=97,cdn-upstream-fbl;dur=328,atl-edge;dur=197,atl-edge-internal;dur=14,atl-edge-upstream;dur=183,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gs1YMN4qwxR0EX0xVX4mTsjgqmI9QwP7iToavuCmU0wtnneTXobYUg==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3333,15 +3355,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 60b2b330807c6611e06e3923c8e315cc.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -NFlI-maCVdtJOtCG1-vFpK1r9zEC5aWQoRs20ER8ExE7xhci0QAbQ== + - gs1YMN4qwxR0EX0xVX4mTsjgqmI9QwP7iToavuCmU0wtnneTXobYUg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 969fae0bf299bd07b479b5d919e26309 + - 38b393b3aece968057e1425deb046ea4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3367,39 +3389,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3422,16 +3445,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3454,16 +3477,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 312c0944-dd69-40de-b2df-dcde3226762c + - b3ec28c3-ed91-40b2-9f63-fb789159be82 Atl-Traceid: - - 312c0944dd6940deb2dfdcde3226762c + - b3ec28c3ed9140b29f63fb789159be82 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3473,7 +3496,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:22 GMT + - Sat, 24 May 2025 10:34:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
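Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `accountId` and gravatar avatar hash inside the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the hunks that follow carries the same account id. Nothing visible here suggests the tests assert on these values, so they are better replaced at record time than stored per contributor. If this cassette is recorded with vcrpy (the layout suggests so), a `before_record_response` hook that rewrites those fields to a fixed placeholder, for example `"emailAddress":"jira-test@example.invalid"`, plus dropping `X-Aaccountid` from the stored headers, would keep future re-recordings from embedding whoever ran them. The body string begins outside this hunk's context, so the change belongs in the recorder configuration rather than in a hand edit of this file.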
@@ -3483,7 +3506,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="Yx47jXO6QrNZqPRtu7BtCdGkGiTpPA69lPBffs9knaYXXu2PMx6AvQ==",cdn-downstream-fbl;dur=360,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=357,atl-edge;dur=276,atl-edge-internal;dur=17,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=230,atl-edge-internal;dur=17,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="yS0kaRjY1gcfVnN6GSeNOvpDcqeHzLx2YGvjnxKCk6AA43m63kH2cA==",cdn-downstream-fbl;dur=242 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3493,15 +3516,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f5c1da639a075ecd7bb86ffc181e3dd8.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Yx47jXO6QrNZqPRtu7BtCdGkGiTpPA69lPBffs9knaYXXu2PMx6AvQ== + - yS0kaRjY1gcfVnN6GSeNOvpDcqeHzLx2YGvjnxKCk6AA43m63kH2cA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 234b4e070fa408293a6a4b26817858a4 + - 59841c33a2396a12e203632c4e67e069 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3539,9 +3562,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 5072521a-b743-4bf7-96fa-f417fe618a45 + - a4511929-b97c-4dc2-ac33-3477ca807c6e Atl-Traceid: - - 5072521ab7434bf796faf417fe618a45 + - a4511929b97c4dc2ac333477ca807c6e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3551,7 +3574,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:22 GMT + - Sat, 24 May 2025 10:34:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3561,7 +3584,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=304,atl-edge-internal;dur=15,atl-edge-upstream;dur=288,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="MfdS3o6C--vMlfpbYu66bMs_MDsIYf4gROSAKpXHpqSrnkc83HkvRw==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=296,atl-edge-internal;dur=18,atl-edge-upstream;dur=278,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="__lt1BAKTYActyLTPJbqcfK6omjM9iKf2Yy1nwKw2HhR8pmhQ4-r6A==",cdn-downstream-fbl;dur=308 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3571,18 +3594,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 36e36df999d8d13e1e708941d33a5866.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MfdS3o6C--vMlfpbYu66bMs_MDsIYf4gROSAKpXHpqSrnkc83HkvRw== + - __lt1BAKTYActyLTPJbqcfK6omjM9iKf2Yy1nwKw2HhR8pmhQ4-r6A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 40ce7ed954af62abdfe046c7e5ed68d9 + - 472566a58a5fd8beec6f8e018f89a86f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3596,30 +3619,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -3642,15 +3666,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* http://localhost:8080/finding/297 - (297)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect Dojo link:* http://localhost:8080/finding/334 + (334)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -3673,8 +3697,8 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -3685,21 +3709,21 @@ interactions: Connection: - keep-alive Content-Length: - - '6788' + - '6995' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: string: '' headers: Atl-Request-Id: - - 2ef3c624-f6f8-4add-8303-8eeab3e1f9d1 + - 9957ae10-7386-4ca1-be4a-55d1bf0fd7d5 Atl-Traceid: - - 2ef3c624f6f84add83038eeab3e1f9d1 + - 9957ae1073864ca1be4a55d1bf0fd7d5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3707,7 +3731,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:23 GMT + - Sat, 24 May 2025 10:34:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3717,7 +3741,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="yMXPvssp9BIPHqH23qJWa3UUxH2DqaORjzlqXKZHriS36ycW-jPqbg==",cdn-downstream-fbl;dur=361,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=357,atl-edge;dur=270,atl-edge-internal;dur=15,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=254,atl-edge-internal;dur=16,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="VCl-unGbd4hRwubOAQIl9Z2JT4LQlxuax3irDJXVhCplxDNG8gNlCw==",cdn-downstream-fbl;dur=266 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3725,15 +3749,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 595c26368a4c8eede29e4b5da7206efc.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - yMXPvssp9BIPHqH23qJWa3UUxH2DqaORjzlqXKZHriS36ycW-jPqbg== + - VCl-unGbd4hRwubOAQIl9Z2JT4LQlxuax3irDJXVhCplxDNG8gNlCw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 0f04e02fc2ae89cd24ec16b4df63cb34 + - bdf96073202d628bc595b68dfee190aa X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3759,39 +3783,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3814,16 +3839,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -3846,16 +3871,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - def69e7a-d6ce-4a1f-a628-a634c10a4703 + - 95c9ff58-739e-4064-9002-f50c8f99156f Atl-Traceid: - - def69e7ad6ce4a1fa628a634c10a4703 + - 95c9ff58739e40649002f50c8f99156f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3865,7 +3890,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:23 GMT + - Sat, 24 May 2025 10:34:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3875,7 +3900,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="QeFDTdIyDjIocKAcmSANO8-CqcPPXkrsnNrxZvcVUWmYisTTEIlGLQ==",cdn-downstream-fbl;dur=339,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=336,atl-edge;dur=261,atl-edge-internal;dur=21,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=191,atl-edge-internal;dur=15,atl-edge-upstream;dur=175,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="irOj3v-qqUmFTd4demMLu3kXX5FHZia77tGERQ49rUBegrS5qw338Q==",cdn-downstream-fbl;dur=202 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3885,15 +3910,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b6805b08a4af317938604723e3f3424a.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QeFDTdIyDjIocKAcmSANO8-CqcPPXkrsnNrxZvcVUWmYisTTEIlGLQ== + - irOj3v-qqUmFTd4demMLu3kXX5FHZia77tGERQ49rUBegrS5qw338Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 1947227d3b473f4d8c83ac360d332c80 + - 782be1d52c43effb6046e31bec85217a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3922,12 +3947,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:23.964+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:26.924+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ddfd5c11-e3ee-4eb6-a2f4-0679675a8648 + - 5d3d4ba2-9423-418d-acdf-f34536fab372 Atl-Traceid: - - ddfd5c11e3ee4eb6a2f40679675a8648 + - 5d3d4ba29423418dacdff34536fab372 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3937,7 +3962,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:23 GMT + - Sat, 24 May 2025 10:34:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3947,7 +3972,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=236,atl-edge;dur=161,atl-edge-internal;dur=15,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="oBjQGjQkWSrHoDIObOxwd12Br9xnaxTjWIQdprdvTeGENbxr7H14KQ==",cdn-downstream-fbl;dur=239 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=119,atl-edge;dur=111,atl-edge-internal;dur=16,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Z2RzsfMvPMAs6uPjioQrX8WftwtzlI7TEAevPD5EiYv0yB_TlX5t6Q==",cdn-downstream-fbl;dur=123 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3957,15 +3982,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 452324c4cfd54555e3a2d8c074edaf78.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oBjQGjQkWSrHoDIObOxwd12Br9xnaxTjWIQdprdvTeGENbxr7H14KQ== + - Z2RzsfMvPMAs6uPjioQrX8WftwtzlI7TEAevPD5EiYv0yB_TlX5t6Q== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6710e6ad70d09d33ac4d014fd2418f10 + - 5222568a1ffc07d3c0a2f0056e44b005 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3991,25 +4016,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18241 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19682 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18241","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241","key":"NTEST-1873","fields":{"statuscategorychangedate":"2025-04-30T18:27:13.285+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19682","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682","key":"NTEST-3010","fields":{"statuscategorychangedate":"2025-05-24T12:34:19.825+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:12.994+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:13.082+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:19.481+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:19.578+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -4018,14 +4045,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 474d0b26-34a1-4bd0-a67d-318b8f8791fa + - 8b27240d-43a5-402d-8a77-3c7df213615e Atl-Traceid: - - 474d0b2634a14bd0a67d318b8f8791fa + - 8b27240d43a5402d8a773c7df213615e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4035,7 +4062,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:24 GMT + - Sat, 24 May 2025 10:34:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4045,7 +4072,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qNB3f5A4cAupBVQgS_vLGeLwNAowUXCFkrVbsknAEmLgEXP4QxV3Rg==",cdn-downstream-fbl;dur=308 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=236,atl-edge;dur=229,atl-edge-internal;dur=17,atl-edge-upstream;dur=212,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xqGQ-3cSOJJUxMFjBP5pGERPC0o57Da-oGsBABw_6aeeteAzMR1scw==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4055,15 +4082,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qNB3f5A4cAupBVQgS_vLGeLwNAowUXCFkrVbsknAEmLgEXP4QxV3Rg== + - xqGQ-3cSOJJUxMFjBP5pGERPC0o57Da-oGsBABw_6aeeteAzMR1scw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d53d2d5399618301d93d29aad04412ab + - f576adaceff4dad94236c0c0f5dc3086 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4101,9 +4128,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3cd92b82-f187-42f9-88ef-5af67d50bafc + - 51fbf32a-a802-4d21-a684-f2b44eaa394a Atl-Traceid: - - 3cd92b82f18742f988ef5af67d50bafc + - 51fbf32aa8024d21a684f2b44eaa394a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4113,7 +4140,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:24 GMT + - Sat, 24 May 2025 10:34:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4123,7 +4150,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=304,atl-edge-internal;dur=19,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="sVPgZB93y5RJDWux-I2sqrVIsjmeEjgHudX9SHqyCnMsSTNcUi0pyQ==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=263,atl-edge-internal;dur=16,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="m4xUbaxlibixbJlbbnFgsB4NqYwdzCJDhapzGPHNHyGDIxapf3PVjQ==",cdn-downstream-fbl;dur=279 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4133,18 +4160,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5a3010bd9376613ba1249daca87b27a2.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - sVPgZB93y5RJDWux-I2sqrVIsjmeEjgHudX9SHqyCnMsSTNcUi0pyQ== + - m4xUbaxlibixbJlbbnFgsB4NqYwdzCJDhapzGPHNHyGDIxapf3PVjQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 5be602ad6fa8f38a0b17327bf0b10d6a + - 7ae9ee09598f7948a6557d5df1ec1fc9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4158,16 +4185,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -4175,7 +4204,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n"}, "update": {}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}, "update": {}}' headers: Accept: - application/json,*/*;q=0.9 @@ -4186,21 +4215,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1929' + - '2153' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18241 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19682 response: body: string: '' headers: Atl-Request-Id: - - 11e5cdd3-b867-4849-9d4b-6819ddfef1dd + - 80f6ecf1-de72-4a5f-a98a-f44a1ce12645 Atl-Traceid: - - 11e5cdd3b86748499d4b6819ddfef1dd + - 80f6ecf1de724a5fa98af44a1ce12645 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4208,7 +4237,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:25 GMT + - Sat, 24 May 2025 10:34:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4218,7 +4247,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=277,atl-edge-internal;dur=15,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="4qJ6dQCZgs9m-Vnt9KiIptIG1JchqvpI6GbqFvoylDJnI_qDn5IJhw==",cdn-downstream-fbl;dur=316 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=304,atl-edge-internal;dur=18,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-rdpWXpNhtgq8zA8eMYvqqfn287QOqbFrUvbFrWi_ptmwlWy2CFC7A==",cdn-downstream-fbl;dur=317 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4226,15 +4255,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 4qJ6dQCZgs9m-Vnt9KiIptIG1JchqvpI6GbqFvoylDJnI_qDn5IJhw== + - -rdpWXpNhtgq8zA8eMYvqqfn287QOqbFrUvbFrWi_ptmwlWy2CFC7A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 189e663ca4c7a7542b2cde8b6c067c59 + - fa0d7b72a679b121046c96714873b4e9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4260,25 +4289,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18241 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19682 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18241","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241","key":"NTEST-1873","fields":{"statuscategorychangedate":"2025-04-30T18:27:13.285+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19682","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682","key":"NTEST-3010","fields":{"statuscategorychangedate":"2025-05-24T12:34:19.825+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:12.994+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:13.082+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:19.481+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:19.578+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -4287,14 +4318,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ef16cf31-0620-4c77-9bdb-9c0c37c72877 + - 4ee7ca34-2095-46b6-83fa-78b19c4d7815 Atl-Traceid: - - ef16cf3106204c779bdb9c0c37c72877 + - 4ee7ca34209546b683fa78b19c4d7815 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4304,7 +4335,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:25 GMT + - Sat, 24 May 2025 10:34:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4314,7 +4345,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="wDR4rHAljQdGR6g_-gSSF4XLh3kdzQrQ2LqhjMu7gog8MDvvnQwqAQ==",cdn-downstream-fbl;dur=345,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=342,atl-edge;dur=257,atl-edge-internal;dur=15,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=222,atl-edge;dur=215,atl-edge-internal;dur=17,atl-edge-upstream;dur=198,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="LpSWx1m7bMMfr6Axv8O3CAp6BonTLGTDG-wB0syLj-J6oYv_-rB64Q==",cdn-downstream-fbl;dur=226 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4324,15 +4355,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wDR4rHAljQdGR6g_-gSSF4XLh3kdzQrQ2LqhjMu7gog8MDvvnQwqAQ== + - LpSWx1m7bMMfr6Axv8O3CAp6BonTLGTDG-wB0syLj-J6oYv_-rB64Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 728fc706b4414d9373d9986f89db0411 + - 15b4fc35f5d2b1907c1228cb153db214 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4343,34 +4374,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 112, "url_ui": "http://localhost:8080/test/112", "url_api": "http://localhost:8080/api/v2/tests/112/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 295, "title": "Regular Expression Denial of Service - - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/295", - "url_api": "http://localhost:8080/api/v2/findings/295/"}, {"id": 296, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/296", "url_api": "http://localhost:8080/api/v2/findings/296/"}, - {"id": 297, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/297", - "url_api": "http://localhost:8080/api/v2/findings/297/"}, {"id": 298, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": "High", 
- "url_ui": "http://localhost:8080/finding/298", "url_api": "http://localhost:8080/api/v2/findings/298/"}, - {"id": 299, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/299", - "url_api": "http://localhost:8080/api/v2/findings/299/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -4381,11 +4385,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2378' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
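Review bot: The recorded webhook request body in the `@@ -4343,34 +4374,7 @@` hunk is now the literal string `"scan_added.tpl"` (`Content-Length` drops from `'2378'` to `'16'` in the next hunk), where the previous recording held the rendered `scan_added_empty` JSON payload. The echo response in `@@ -4397,95 +4401,25 @@` confirms it with `"json": "scan_added.tpl"`. This looks like the template name being sent in place of the rendered notification, possibly because rendering was stubbed or failed during the recording run. Please confirm it is intended before committing the cassette, since a test replaying this interaction no longer covers the payload fields (`findings`, `url_api`, `product`). If it is not intended, re-record this interaction with template rendering active.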
@@ -4397,95 +4401,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:47798\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: NPM Audit Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 112, \\\"url_ui\\\": \\\"http://localhost:8080/test/112\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/112/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 295, \\\"title\\\": \\\"Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/295\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/295/\\\"}, {\\\"id\\\": 296, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/296\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/296/\\\"}, {\\\"id\\\": - 297, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/297\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/297/\\\"}, {\\\"id\\\": 298, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/298\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/298/\\\"}, {\\\"id\\\": 299, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 - < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= - 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/299\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/299/\\\"}]}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added_empty has occurred.\",\n \"engagement\": {\n 
\"id\": 1,\n - \ \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 295,\n \"severity\": - \"High\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/295/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/295\"\n },\n - \ {\n \"id\": 296,\n \"severity\": \"High\",\n \"title\": - \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/296/\",\n \"url_ui\": \"http://localhost:8080/finding/296\"\n - \ },\n {\n \"id\": 297,\n \"severity\": \"High\",\n - \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < - 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= - 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/297/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/297\"\n },\n - \ {\n \"id\": 298,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/298/\",\n \"url_ui\": \"http://localhost:8080/finding/298\"\n - \ },\n {\n \"id\": 299,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/299/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/299\"\n }\n ]\n - \ },\n \"product\": {\n \"id\": 2,\n \"name\": 
\"Security How-to\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": - \"http://localhost:8080/product/2\"\n },\n \"product_type\": {\n \"id\": - 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 112,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n - \ \"url_ui\": \"http://localhost:8080/test/112\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/112/\",\n - \ \"url_ui\": \"http://localhost:8080/test/112\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:45542\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:25 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:34:26 GMT status: code: 200 message: OK 
@@ -4508,12 +4442,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:26.449+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:28.645+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e5c65114-da4a-4193-bdd9-616b1e4e9a8b + - 7c81d04a-2982-462f-9541-60a9182e424e Atl-Traceid: - - e5c65114da4a4193bdd9616b1e4e9a8b + - 7c81d04a2982462f954160a9182e424e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4523,7 +4457,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:26 GMT + - Sat, 24 May 2025 10:34:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4533,7 +4467,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="buuLxxdgse-rjbvjYtC_HEAWAAYzJmQvH80vhlfTL6mfTgofOQaO9A==",cdn-downstream-fbl;dur=377,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=375,atl-edge;dur=297,atl-edge-internal;dur=17,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=128,atl-edge;dur=121,atl-edge-internal;dur=15,atl-edge-upstream;dur=106,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="YfLhqmcc0YjK7ZrK-9ux9eFYFUk5LSeHMo6G_NrRRRboXxGjkdVORQ==",cdn-downstream-fbl;dur=132 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4543,15 +4477,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - buuLxxdgse-rjbvjYtC_HEAWAAYzJmQvH80vhlfTL6mfTgofOQaO9A== + - YfLhqmcc0YjK7ZrK-9ux9eFYFUk5LSeHMo6G_NrRRRboXxGjkdVORQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 312d483ab1a69c8a004ba92086400db2 + - d322099559025dc2d9dcb5b59b3b9817 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4577,28 +4511,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4608,9 +4543,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4620,14 +4555,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f565d004-5a60-40c9-a44c-02e12aaa56db + - f4ec3df6-f8bc-4d4e-80c5-1f797063d928 Atl-Traceid: - - f565d0045a6040c9a44c02e12aaa56db + - f4ec3df6f8bc4d4e80c51f797063d928 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4637,7 +4572,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:26 GMT + - Sat, 24 May 2025 10:34:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
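Review bot: The re-recorded issue body in this hunk commits the recording user's `emailAddress`, `accountId`, `displayName` and gravatar URL verbatim under both `creator` and `reporter`. The `X-Aaccountid` response header repeats the same account id in the header hunks at -4543, -4657 and -4729. These values are presumably not needed for replay, so they are better scrubbed when the cassette is recorded than edited by hand. vcrpy's `before_record_response` hook can rewrite the body fields to fixed placeholders (for example `"emailAddress":"jira-user@example.invalid"`, a constructed value) and drop the header, which would also stop each re-recording from churning these lines. The VCR configuration is not part of the visible diff, so whether such a scrubber already exists cannot be confirmed from here.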
@@ -4647,7 +4582,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="qK90YnCC2Zsm50VYxNbF6YhEesPI1LV-ApvHQ16dFCaRyFCRP3gy9w==",cdn-downstream-fbl;dur=344,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=341,atl-edge;dur=258,atl-edge-internal;dur=18,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=225,atl-edge;dur=217,atl-edge-internal;dur=15,atl-edge-upstream;dur=202,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="d4N_879ZykmTC2AX6HK8q9JteopKPk_yR9WcbwQUJOgdgg6EzRalcg==",cdn-downstream-fbl;dur=228 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4657,15 +4592,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e111150962050a0e90ab08053c0f9778.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qK90YnCC2Zsm50VYxNbF6YhEesPI1LV-ApvHQ16dFCaRyFCRP3gy9w== + - d4N_879ZykmTC2AX6HK8q9JteopKPk_yR9WcbwQUJOgdgg6EzRalcg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 6aa5c2c0580c26cb0b2c003d1bc28eba + - f8e1285813363311db10a02923538b5e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4694,12 +4629,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:27.258+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:29.181+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 5eb758e5-4ba1-4970-b4e9-920493ec3dd1 + - 8eaa92be-ac6e-48de-a939-33aac3d81c78 Atl-Traceid: - - 5eb758e54ba14970b4e9920493ec3dd1 + - 8eaa92beac6e48dea93933aac3d81c78 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4709,7 +4644,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:27 GMT + - Sat, 24 May 2025 10:34:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4719,7 +4654,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="0wN-N5CtXlHy9pYvFzhS8nCQkil-h_GRgACRkltp_ZtPd2lFNgeIOw==",cdn-downstream-fbl;dur=244,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=241,atl-edge;dur=155,atl-edge-internal;dur=14,atl-edge-upstream;dur=142,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=168,atl-edge;dur=160,atl-edge-internal;dur=15,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xdS9a-0WXF2JJbyOrogEeZ4rydvm4iIi_LJdjYziI13zlaM_08_BTg==",cdn-downstream-fbl;dur=172 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4729,15 +4664,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 51e6f466f192ce588105b138cebcc0d0.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0wN-N5CtXlHy9pYvFzhS8nCQkil-h_GRgACRkltp_ZtPd2lFNgeIOw== + - xdS9a-0WXF2JJbyOrogEeZ4rydvm4iIi_LJdjYziI13zlaM_08_BTg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 9655fcee1f1c51f776daa341ab67f60a + - 6caa1c85d70a3e96aa3707019bbc2619 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4763,39 +4698,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4818,16 +4754,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -4850,16 +4786,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3d858399-0275-44dc-a533-1055681ebb27 + - 56d5c6b7-1209-479c-8888-9ae95242ea20 Atl-Traceid: - - 3d858399027544dca5331055681ebb27 + - 56d5c6b71209479c88889ae95242ea20 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4869,7 +4805,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:27 GMT + - Sat, 24 May 2025 10:34:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
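Review bot: The re-recorded response body in the `@@ -4850,16 +4786,16 @@` hunk commits a real maintainer e-mail address and Atlassian account id to the repository, in the `creator` and `reporter` objects (`"emailAddress":"valentijn@defectdojo.com"`, `"accountId":"712020:292a8b4c-…"`). The same values recur in the `@@ -4995,41 +4931,104 @@` hunk, and the account id is repeated in the `X-Aaccountid` response header of the header hunks that follow. The previous recording had the same exposure with a different account, so this is worth fixing in the recorder rather than by hand. Assuming these cassettes are recorded with vcrpy, a `before_record_response` hook could replace the `emailAddress`, `accountId` and `displayName` values and the `X-Aaccountid` header with fixed placeholders before the cassette is written. That would also stop unrelated churn like this from appearing whenever a different person re-records.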
@@ -4879,7 +4815,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=314,atl-edge;dur=281,atl-edge-internal;dur=17,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0Fz_iwxlc7RQLlN1w_6RMj_PpLgtTtsr9jEhEeVDgoG80CLrpBvqXA==",cdn-downstream-fbl;dur=318 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=228,atl-edge-internal;dur=18,atl-edge-upstream;dur=211,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="nX9CZZhZfjc6y2YT-GcIgZuOcg2YlLIrfAw9CkUnvPBi5Ufg1YM7Jg==",cdn-downstream-fbl;dur=240 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4889,15 +4825,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0Fz_iwxlc7RQLlN1w_6RMj_PpLgtTtsr9jEhEeVDgoG80CLrpBvqXA== + - nX9CZZhZfjc6y2YT-GcIgZuOcg2YlLIrfAw9CkUnvPBi5Ufg1YM7Jg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a480c371cdeb1be333aea05315b9da00 + - d73efd529f263a1292bf4f2230b2b7dc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4926,12 +4862,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:28.034+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:29.698+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 121f2864-7c0c-44f8-90db-6125cefb6ead + - ffcc9165-c31f-4cf7-8ee4-5f070784d906 Atl-Traceid: - - 121f28647c0c44f890db6125cefb6ead + - ffcc9165c31f4cf78ee45f070784d906 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4941,7 +4877,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:28 GMT + - Sat, 24 May 2025 10:34:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4951,7 +4887,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Yktfh4aUOyH1zG1A9WiQc4atVxkMFw66wLkVAIsgH_GsSX2OMKD5uw==",cdn-downstream-fbl;dur=246,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=244,atl-edge;dur=157,atl-edge-internal;dur=14,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=16,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-rbUQv7_uT2CHKfeaThvNG0WZy3QQ5ApDi3H0K2lPjk3WrowOZ9R0A==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4961,15 +4897,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Yktfh4aUOyH1zG1A9WiQc4atVxkMFw66wLkVAIsgH_GsSX2OMKD5uw== + - -rbUQv7_uT2CHKfeaThvNG0WZy3QQ5ApDi3H0K2lPjk3WrowOZ9R0A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 877b1ba61a646df40b21e70841af1ae3 + - cb6c0501c95e02d562d21e5afae20aa7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4995,41 +4931,104 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18241 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19681 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18241","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241","key":"NTEST-1873","fields":{"statuscategorychangedate":"2025-04-30T18:27:13.285+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19681","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681","key":"NTEST-3009","fields":{"statuscategorychangedate":"2025-05-24T12:34:17.728+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:12.994+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:13.082+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:17.372+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:17.481+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/15] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/941] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/298]\n*Defect - Dojo link:* http://localhost:8080/finding/298 (298)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source - File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service - when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/332]\n*Defect + Dojo link:* http://localhost:8080/finding/332 (332)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/334]\n*Defect + Dojo link:* http://localhost:8080/finding/334 (334)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1873/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18241/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3009/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19681/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f80cde24-d863-4741-85a5-08d3dee752f6 + - 3507cbec-18b1-46c8-9603-b558ea7bfe14 Atl-Traceid: - - f80cde24d863474185a508d3dee752f6 + - 3507cbec18b146c89603b558ea7bfe14 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5039,7 +5038,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:28 GMT + - Sat, 24 May 2025 10:34:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5049,7 +5048,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=304,atl-edge;dur=271,atl-edge-internal;dur=18,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="58-8504-NblBCsqSn9Zb-SXQxLI0mSM-TcdcpqttnldWhIqlQhrnsg==",cdn-downstream-fbl;dur=308 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=242,atl-edge;dur=235,atl-edge-internal;dur=16,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="XvrmX_U5BgOdWl9_5P0TF_WTqi6vzgHZgouROI097rL8X26C2Jg-pg==",cdn-downstream-fbl;dur=246 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5059,15 +5058,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 58-8504-NblBCsqSn9Zb-SXQxLI0mSM-TcdcpqttnldWhIqlQhrnsg== + - XvrmX_U5BgOdWl9_5P0TF_WTqi6vzgHZgouROI097rL8X26C2Jg-pg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ebf45c23f61a8fa4c2a97ddba9987c83 + - 6f81ecc5c950fd4061d1503210290212 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
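Review bot: The re-recorded cassette commits the recording user's Atlassian account id in the `X-Aaccountid` response header, on the new side of the `@@ -5059,15 +5058,15 @@` hunk. The later `X-Aaccountid` hunks repeat it, and the issue body in the `@@ -5165,57 +5164,43 @@` hunk carries the same id with an `emailAddress` and Gravatar avatar URLs in its `creator` and `reporter` objects. Nothing in the visible lines suggests the replayed tests depend on these values, so they could be replaced with placeholders at record time. If the cassettes are recorded with vcrpy, a `before_record_response` hook is the usual place to rewrite the header and those body fields. The old side shows the same pattern for a different account, so this is pre-existing, but every re-record will keep adding a maintainer's identifiers until the recorder scrubs them.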
@@ -5096,12 +5095,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:28.700+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:30.207+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1bc859ea-1ef6-4152-9db8-3af750f05b47 + - 0c4a2956-8e08-4847-9d0b-57f6fbb69fe7 Atl-Traceid: - - 1bc859ea1ef641529db83af750f05b47 + - 0c4a29568e0848479d0b57f6fbb69fe7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5111,7 +5110,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:28 GMT + - Sat, 24 May 2025 10:34:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5121,7 +5120,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=177,atl-edge;dur=144,atl-edge-internal;dur=15,atl-edge-upstream;dur=128,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="jLwp-D_tacHhXq_5YX2wikREQ1TN59iB_gpEl6SGZtrLMaXcZoVJpg==",cdn-downstream-fbl;dur=182 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=109,atl-edge-internal;dur=16,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7hnfWQT45HVIcpX6Yah6HkRi4UKOGodbWFzD7t9SPVnYZSjCcdebuA==",cdn-downstream-fbl;dur=121 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5131,15 +5130,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jLwp-D_tacHhXq_5YX2wikREQ1TN59iB_gpEl6SGZtrLMaXcZoVJpg== + - 7hnfWQT45HVIcpX6Yah6HkRi4UKOGodbWFzD7t9SPVnYZSjCcdebuA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - bd3b52d51c57d3dd6241c2817427da25 + - 3e1348afebfd0548bafd599e992f2a69 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5165,57 +5164,43 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18237 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19682 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18237","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237","key":"NTEST-1871","fields":{"statuscategorychangedate":"2025-04-30T18:27:07.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19682","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682","key":"NTEST-3010","fields":{"statuscategorychangedate":"2025-05-24T12:34:19.825+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:07.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t67:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:07.763+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:19.481+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:19.578+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/13] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/942] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/296] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/296]\n*Defect Dojo link:* http://localhost:8080/finding/296 - (296)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] - \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/295]\n*Defect - Dojo link:* http://localhost:8080/finding/295 (295)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/333]\n*Defect + Dojo link:* http://localhost:8080/finding/333 (333)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2F
initials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1871/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18237/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3010/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19682/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
bfb3a159-1fc7-4d95-b11d-9c606f52f4ea + - a9b91b06-c888-493d-a3a2-84bfe943481b Atl-Traceid: - - bfb3a1591fc74d95b11d9c606f52f4ea + - a9b91b06c888493da3a284bfe943481b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5225,7 +5210,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:29 GMT + - Sat, 24 May 2025 10:34:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5235,7 +5220,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=299,atl-edge;dur=265,atl-edge-internal;dur=15,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HKbOInGl_JzwzjX_sXHbFOQZaR3SS04_Qk84PeFBT2AecIV-JGpvig==",cdn-downstream-fbl;dur=303 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=196,atl-edge;dur=188,atl-edge-internal;dur=16,atl-edge-upstream;dur=172,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SKOsuVcOoMA4eMj_iNlUE7JAyTk1bUtXIQaMAzCk1KsfwMUKuNRFxQ==",cdn-downstream-fbl;dur=200 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5245,15 +5230,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HKbOInGl_JzwzjX_sXHbFOQZaR3SS04_Qk84PeFBT2AecIV-JGpvig== + - SKOsuVcOoMA4eMj_iNlUE7JAyTk1bUtXIQaMAzCk1KsfwMUKuNRFxQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6f3489a51d8758a9eec6bef4f4657e4d + - cc18da98e742d588ba03a4600cbf25e9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5282,12 +5267,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:29.373+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:30.665+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b6335578-ae85-4f22-8a97-234d1b8c39f0 + - 3854d4a2-cd85-41dc-a44e-558bc4adfd37 Atl-Traceid: - - b6335578ae854f228a97234d1b8c39f0 + - 3854d4a2cd8541dca44e558bc4adfd37 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5297,7 +5282,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:29 GMT + - Sat, 24 May 2025 10:34:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5307,7 +5292,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="NVVMKyU7D7QOM2ttFQ860JvTh56lC3WlXgvQKPbFgmPXD4E8-923bw==",cdn-downstream-fbl;dur=206 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mX255UgSWsyUgpFY71ezPaTcrH5J9S2fe0lIhySmkjFqRZRHavmldQ==",cdn-downstream-fbl;dur=135,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=133,atl-edge;dur=104,atl-edge-internal;dur=17,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5317,15 +5302,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - NVVMKyU7D7QOM2ttFQ860JvTh56lC3WlXgvQKPbFgmPXD4E8-923bw== + - mX255UgSWsyUgpFY71ezPaTcrH5J9S2fe0lIhySmkjFqRZRHavmldQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 167ded9a2df9ca620ddb0df48ed86ed9 + - 30ff8dcc2162fbc3756656e2dba60e7e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5351,103 +5336,58 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18239 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19680 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18239","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239","key":"NTEST-1872","fields":{"statuscategorychangedate":"2025-04-30T18:27:10.705+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19680","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680","key":"NTEST-3008","fields":{"statuscategorychangedate":"2025-05-24T12:34:15.654+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:10.389+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:10.491+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:15.295+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010jj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:15.382+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/14] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/940] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/112]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/297] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/299]\n*Defect - Dojo link:* http://localhost:8080/finding/299 (299)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: 
Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/297]\n*Defect Dojo link:* - http://localhost:8080/finding/297 (297)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. 
The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/119]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/331]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/331]\n*Defect Dojo link:* http://localhost:8080/finding/331 + (331)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/330]\n*Defect + Dojo link:* http://localhost:8080/finding/330 (330)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials
%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1872/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18239/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3008/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19680/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
decc65e5-3726-42a8-bddc-e8bf9122c756 + - 451f7d29-be7a-4770-aebb-cd902bec2d80 Atl-Traceid: - - decc65e5372642a8bddce8bf9122c756 + - 451f7d29be7a4770aebbcd902bec2d80 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5457,7 +5397,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:29 GMT + - Sat, 24 May 2025 10:34:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5467,7 +5407,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=278,atl-edge;dur=245,atl-edge-internal;dur=15,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0HwgGS4qV7heB2BztwGb2c4yZ_gIWOFpIWJ4GzQHcQHoQhpU9H-eOg==",cdn-downstream-fbl;dur=283 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=224,atl-edge;dur=216,atl-edge-internal;dur=18,atl-edge-upstream;dur=198,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0CgkhKivz4CUiTtg2zmQkxtIUE5NWf8UBPcBRdwox1qzu68VFPUjvw==",cdn-downstream-fbl;dur=228 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5477,15 +5417,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0HwgGS4qV7heB2BztwGb2c4yZ_gIWOFpIWJ4GzQHcQHoQhpU9H-eOg== + - 0CgkhKivz4CUiTtg2zmQkxtIUE5NWf8UBPcBRdwox1qzu68VFPUjvw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1278e2b61ebbc7b8cb3b6896e0216c2f + - 67f029b77ec4339c203aa16817a58e0d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
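Review bot: The re-recorded response headers in the last hunk of this cassette store the recording user's Atlassian account id verbatim in `X-Aaccountid`, and the response body earlier in the same cassette carries the matching `accountId`, `emailAddress` and gravatar hash. The webhook cassette that follows shows the `Auth` header already masked as `Token xxx`, so some scrubbing presumably exists; applying the same treatment to these response fields would keep personal identifiers out of the repository and shrink the diff on each re-recording. If the suite records with vcrpy, a `before_record_response` hook that swaps these values for fixed placeholders is the usual place for it. The cassette configuration is not visible in this diff, so this needs confirming against the test setup.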
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml index 420de94e6bd..697dc7accd5 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_no_push_to_jira_reimport_with_push_to_jira.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/", + "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 113, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/"}}' + 120, "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,22 +38,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:35750\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:45548\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/113/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/120/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 113, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 120, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/120/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 113,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n - \ \"url_ui\": \"http://localhost:8080/test/113\"\n },\n \"title\": + 120,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n + \ \"url_ui\": \"http://localhost:8080/test/120\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n \"url_ui\": - \"http://localhost:8080/test/113\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n \"url_ui\": + \"http://localhost:8080/test/120\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:30 GMT + - Sat, 24 May 2025 10:34:29 GMT Transfer-Encoding: - chunked status: 
@@ -85,32 +85,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/", + null, "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 113, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/"}, - "finding_count": 5, "findings": {"new": [{"id": 300, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/300", - "url_api": "http://localhost:8080/api/v2/findings/300/"}, {"id": 301, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/301", "url_api": "http://localhost:8080/api/v2/findings/301/"}, - {"id": 302, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/302", - "url_api": "http://localhost:8080/api/v2/findings/302/"}, {"id": 303, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/303", "url_api": "http://localhost:8080/api/v2/findings/303/"}, - {"id": 304, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/304", - "url_api": "http://localhost:8080/api/v2/findings/304/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 120, "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/"}, + "finding_count": 5, "findings": {"new": [{"id": 336, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/336", + "url_api": "http://localhost:8080/api/v2/findings/336/"}, {"id": 337, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/337", "url_api": + "http://localhost:8080/api/v2/findings/337/"}, {"id": 335, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/335", "url_api": "http://localhost:8080/api/v2/findings/335/"}, + {"id": 338, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/338", "url_api": + "http://localhost:8080/api/v2/findings/338/"}, {"id": 339, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/339", "url_api": + "http://localhost:8080/api/v2/findings/339/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -121,11 +122,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -137,84 +138,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:35762\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:45552\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/120/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 113, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 300, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 120, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/120/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 336, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/300\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/300/\\\"}, {\\\"id\\\": 301, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/301\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/301/\\\"}, {\\\"id\\\": - 302, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/302\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/302/\\\"}, {\\\"id\\\": 303, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/303\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/303/\\\"}, {\\\"id\\\": 304, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/336\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/336/\\\"}, {\\\"id\\\": 337, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/304\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/304/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/337\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/337/\\\"}, + {\\\"id\\\": 335, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/335\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/335/\\\"}, + {\\\"id\\\": 338, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/338\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/338/\\\"}, + {\\\"id\\\": 339, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/339\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/339/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 300,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 336,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/336/\",\n \"url_ui\": \"http://localhost:8080/finding/336\"\n + \ },\n {\n \"id\": 337,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/337/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/337\"\n },\n + \ {\n \"id\": 335,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/300/\",\n \"url_ui\": \"http://localhost:8080/finding/300\"\n - \ },\n {\n \"id\": 301,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/301/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/301\"\n },\n - \ {\n \"id\": 302,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/302/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/302\"\n },\n - \ {\n \"id\": 303,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/303/\",\n \"url_ui\": \"http://localhost:8080/finding/303\"\n - \ },\n {\n \"id\": 304,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/304/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/304\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/335/\",\n \"url_ui\": \"http://localhost:8080/finding/335\"\n + \ },\n {\n \"id\": 338,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/338/\",\n \"url_ui\": + \"http://localhost:8080/finding/338\"\n },\n {\n \"id\": + 339,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/339/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/339\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 113,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n - \ \"url_ui\": \"http://localhost:8080/test/113\"\n },\n \"title\": + 120,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n + \ \"url_ui\": \"http://localhost:8080/test/120\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n - \ \"url_ui\": \"http://localhost:8080/test/113\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n + \ \"url_ui\": \"http://localhost:8080/test/120\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -224,7 +225,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:30 GMT + - Sat, 24 May 2025 10:34:29 GMT Transfer-Encoding: - chunked status: 
@@ -249,12 +250,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:30.634+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:31.576+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 0037c08c-78a1-491a-bb47-2615f83ab6f7 + - f290ea7e-4af6-4c57-954c-354a9e1b6112 Atl-Traceid: - - 0037c08c78a1491abb472615f83ab6f7 + - f290ea7e4af64c57954c354a9e1b6112 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -264,7 +265,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:30 GMT + - Sat, 24 May 2025 10:34:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -274,7 +275,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=243,atl-edge;dur=156,atl-edge-internal;dur=16,atl-edge-upstream;dur=141,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="8_zMGqmcIQd7kueNRB7xwv9KBuCDWFsfiX-hCvfXN2EOri_ufr7BRw==",cdn-downstream-fbl;dur=247 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=103,atl-edge-internal;dur=14,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0EjlJ-VuyZtWTwUgxLSTxRzBXg308ZlipmzfHp8TlPjDI9Qlji-JpQ==",cdn-downstream-fbl;dur=115 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -284,15 +285,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 8_zMGqmcIQd7kueNRB7xwv9KBuCDWFsfiX-hCvfXN2EOri_ufr7BRw== + - 0EjlJ-VuyZtWTwUgxLSTxRzBXg308ZlipmzfHp8TlPjDI9Qlji-JpQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 880e4c88fa7c7fcf1204c2577a52b4f2 + - 3a6d59c0f08afdb796c5a34c7c6d2ad3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
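Review bot: The re-recorded response headers in this hunk commit the Jira Cloud tenant's `X-Aaccountid` value together with per-request identifiers (`X-Amz-Cf-Id`, `X-Arequestid`, `Via`), and the same set reappears in the hunks at `@@ -362,18 +363,18 @@` and `@@ -473,15 +520,15 @@`. Nothing visible in the cassette suggests the tests match on these headers, so they add an account identifier to the repository and produce churn on every re-recording. The recorder configuration is not part of this diff, so this is inferred, but vcrpy's `before_record_response` hook could drop them at record time, e.g. `response["headers"].pop("X-Aaccountid", None)` alongside the trace and CDN ids. The `Auth: Token xxx` value in the webhook echo shows request-side scrubbing is already in place; this would extend the same hygiene to response headers.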
@@ -330,9 +331,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - eb1017cd-7244-4074-a7b8-f0074eafd760 + - 6067195b-c736-438a-806e-73d38121a8a6 Atl-Traceid: - - eb1017cd72444074a7b8f0074eafd760 + - 6067195bc736438a806e73d38121a8a6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -342,7 +343,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:31 GMT + - Sat, 24 May 2025 10:34:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -352,7 +353,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=287,atl-edge;dur=255,atl-edge-internal;dur=16,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="F1I9eRe0cZGSJ7JSVSLzGzWu4oK5w87FEd8zc60yp1EjOkrcYCTjDQ==",cdn-downstream-fbl;dur=292 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=301,atl-edge-internal;dur=16,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pt_ywSawT5U7SQQo2UIPL18Sqk6zIvYLYOFV1t5LJ-mDcJs8h8UOvQ==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -362,18 +363,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - F1I9eRe0cZGSJ7JSVSLzGzWu4oK5w87FEd8zc60yp1EjOkrcYCTjDQ== + - pt_ywSawT5U7SQQo2UIPL18Sqk6zIvYLYOFV1t5LJ-mDcJs8h8UOvQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a34b2dd7a3e912daa03ddba3d952bdff + - 62dfbcf02691f88699dfc91fa416dc66 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -385,41 +386,87 @@ interactions: message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, - "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA - group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/16] - in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/301] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/300] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/301]\n*Defect Dojo link:* http://localhost:8080/finding/301 - (301)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] - \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or - later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/300]\n*Defect - Dojo link:* http://localhost:8080/finding/300 (300)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` header - value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n - Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or - later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/944] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/337]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/339]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/337]\n*Defect + Dojo link:* http://localhost:8080/finding/337 (337)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. 
\n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/339]\n*Defect Dojo link:* http://localhost:8080/finding/339 + (339)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: 
Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -431,7 +478,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3334' + - '6981' Content-Type: - application/json User-Agent: @@ -440,12 +487,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18243","key":"NTEST-1874","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18243"}' + string: '{"id":"19683","key":"NTEST-3011","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19683"}' headers: Atl-Request-Id: - - 88fcd2b2-b85c-48fc-92ff-ea28b8eb8548 + - 27e078e3-86b1-4d42-824a-6ab85f4af483 Atl-Traceid: - - 88fcd2b2b85c48fc92ffea28b8eb8548 + - 27e078e386b14d42824a6ab85f4af483 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +500,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:32 GMT + - Sat, 24 May 2025 10:34:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +510,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=742,atl-edge;dur=709,atl-edge-internal;dur=17,atl-edge-upstream;dur=692,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="gNYAcCK-oWJCBLyr-zSbWC5TWFyLeZXjUcKJK6lkIAuTHG5KeT1teg==",cdn-downstream-fbl;dur=746 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=690,atl-edge;dur=681,atl-edge-internal;dur=17,atl-edge-upstream;dur=665,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1DxwniewlCUi6Z8zeJZTTiXMtWCaUegqvIBDq2t9KSJhGaZ0J3qs6Q==",cdn-downstream-fbl;dur=694 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +520,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b5141080f2dac9506b5156fa7721b41c.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gNYAcCK-oWJCBLyr-zSbWC5TWFyLeZXjUcKJK6lkIAuTHG5KeT1teg== + - 1DxwniewlCUi6Z8zeJZTTiXMtWCaUegqvIBDq2t9KSJhGaZ0J3qs6Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8dc10ae943e79258f37c4f17973d8fa3 + - 7555ead5b97e4d40545dec63a7d26896 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -507,57 +554,104 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1874 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3011 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18243","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18243","key":"NTEST-1874","fields":{"statuscategorychangedate":"2025-04-30T18:27:32.121+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19683","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19683","key":"NTEST-3011","fields":{"statuscategorychangedate":"2025-05-24T12:34:32.732+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1874/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:31.799+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:31.892+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3011/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:32.433+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010k7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:32.513+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/16] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/944] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/301] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/300] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/301]\n*Defect Dojo link:* http://localhost:8080/finding/301 - (301)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] - \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/300]\n*Defect - Dojo link:* http://localhost:8080/finding/300 (300)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/337]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/339]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/337]\n*Defect + Dojo link:* http://localhost:8080/finding/337 (337)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/339]\n*Defect + Dojo link:* http://localhost:8080/finding/339 (339)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1874/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18243/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3011/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19683/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 870058af-ff81-4c71-b148-21bcd81b7174 + - 005980d5-5915-4cbb-b819-19ce32b73c7f Atl-Traceid: - - 870058afff814c71b14821bcd81b7174 + - 005980d559154cbbb81919ce32b73c7f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -567,7 +661,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:32 GMT + - Sat, 24 May 2025 10:34:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
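Review bot: The re-recorded response body in the `@@ -507,57 +554,104 @@` hunk stores a real maintainer's `emailAddress`, `accountId`, `displayName` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the neighbouring header hunks repeats the account id. The previous recording had the same fields for a different account, so each re-record publishes another person's identifiers in the repository history. If the cassette is recorded with vcrpy, as the format suggests, a `before_record_response` hook could replace those JSON fields with fixed placeholders and drop `X-Aaccountid`, which would also shrink the diff on future re-records. The same applies to the `@@ -621,57 +715,104 @@` hunk, which continues past the visible part of the diff.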
@@ -577,7 +671,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="R5mwmhps7NJa8NtlLkH_vfchE6qaRfcWvZ0kaLmsVo6FPua3V8zXcw==",cdn-downstream-fbl;dur=370,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=77,cdn-upstream-fbl;dur=368,atl-edge;dur=269,atl-edge-internal;dur=16,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=233,atl-edge;dur=225,atl-edge-internal;dur=15,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fgY1w5yl8BdwwweJ-Ag_eJLTOoUceK1ZxNca04mNHOqP0Z49-vNlpg==",cdn-downstream-fbl;dur=237 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -587,15 +681,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - R5mwmhps7NJa8NtlLkH_vfchE6qaRfcWvZ0kaLmsVo6FPua3V8zXcw== + - fgY1w5yl8BdwwweJ-Ag_eJLTOoUceK1ZxNca04mNHOqP0Z49-vNlpg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 7058fa37c3a8782281d74797a2d4faf4 + - 0dc1703ab7a5a174e860da8e79212c21 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -621,57 +715,104 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18243 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19683 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18243","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18243","key":"NTEST-1874","fields":{"statuscategorychangedate":"2025-04-30T18:27:32.121+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19683","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19683","key":"NTEST-3011","fields":{"statuscategorychangedate":"2025-05-24T12:34:32.732+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1874/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:31.799+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t6v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:31.892+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3011/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:32.433+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010k7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:32.513+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/16] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/944] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/301] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/300] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/301]\n*Defect Dojo link:* http://localhost:8080/finding/301 - (301)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] - \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/300]\n*Defect - Dojo link:* http://localhost:8080/finding/300 (300)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source - File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected - versions of `negotiator` are vulnerable to regular expression denial of service - attacks, which trigger upon parsing a specially crafted `Accept-Language` - header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= - 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/337]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/339]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/337]\n*Defect + Dojo link:* http://localhost:8080/finding/337 (337)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/339]\n*Defect + Dojo link:* http://localhost:8080/finding/339 (339)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1874/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18243/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3011/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19683/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c182a12a-5bc6-4c80-bd48-a26e74f5e970 + - 23bd6279-a645-4c38-87b1-438f241161df Atl-Traceid: - - c182a12a5bc64c80bd48a26e74f5e970 + - 23bd6279a6454c3887b1438f241161df Cache-Control: - no-cache, no-store, no-transform Connection: @@ -681,7 +822,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:33 GMT + - Sat, 24 May 2025 10:34:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -691,7 +832,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="YHnjelKvzCyr4LdIq760kV_vAbTMOK0VAn2iUUetHMLQEVbVDzxucQ==",cdn-downstream-fbl;dur=337,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=334,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=234,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=241,atl-edge-internal;dur=14,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="e94y2Mg2l99V54e5xaZNXW9h5S5SAaanEfjO1irRWA9ZduS8B9yjCg==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -701,15 +842,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8dac9acbf37a4821f35529f7cc336eba.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - YHnjelKvzCyr4LdIq760kV_vAbTMOK0VAn2iUUetHMLQEVbVDzxucQ== + - e94y2Mg2l99V54e5xaZNXW9h5S5SAaanEfjO1irRWA9ZduS8B9yjCg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - e548d54cd516a25ade3ac7a1669bd5e7 + - 5fc9779e15c4f4c31994b35c9ef29cc5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
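Review bot: The re-recorded `X-Aaccountid` response header in the `@@ -701,15 +842,15 @@` hunk commits a personal Atlassian account id to the repository, and the recorded issue bodies earlier in this cassette carry the matching `accountId`, `emailAddress` and gravatar hash. The same header is re-recorded in the hunks at `@@ -773,15 +914,15 @@`, `@@ -851,110 +992,51 @@` and `@@ -1007,15 +1089,15 @@`. If these cassettes are recorded with vcrpy, a `before_record_response` hook that replaces `X-Aaccountid`, `X-Amz-Cf-Id`, `Atl-Traceid` and the `accountId`/`emailAddress` body fields with fixed placeholders would keep account identifiers out of the fixture and remove most of the per-recording churn seen here. The cassette configuration is not visible in this diff, so whether request-side credentials are already filtered should be confirmed separately.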
@@ -738,12 +879,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:33.474+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:33.669+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 5dafffe6-0547-4ba7-8a3c-f24c657431db + - 499ec758-4a23-42a5-a58a-fa9adbdfafb8 Atl-Traceid: - - 5dafffe605474ba78a3cf24c657431db + - 499ec7584a2342a5a58afa9adbdfafb8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -753,7 +894,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:33 GMT + - Sat, 24 May 2025 10:34:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -763,7 +904,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="I_atcKYzKE-cK_jyGNKkhvJbqj7cDMiGhTZcVD-XMdxbbmM9ZhVs4w==",cdn-downstream-fbl;dur=234,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=232,atl-edge;dur=158,atl-edge-internal;dur=14,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=109,atl-edge-internal;dur=15,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CT94jMXxcW16kXhZp9Uh83wgfF3ocYyrau8p_HVBW0Ch8DTisUW4xg==",cdn-downstream-fbl;dur=122 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -773,15 +914,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 603f7fca6e96da4aaee2b5219f231c92.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - I_atcKYzKE-cK_jyGNKkhvJbqj7cDMiGhTZcVD-XMdxbbmM9ZhVs4w== + - CT94jMXxcW16kXhZp9Uh83wgfF3ocYyrau8p_HVBW0Ch8DTisUW4xg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 3cac7ae920db2a16900d386909498a5d + - 5fae599f62afb9a493fc166f9d23e333 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -819,9 +960,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - a1e1283f-e98b-4d6d-bae3-937e0976310c + - 9616222e-825c-4112-9794-ec251ba1e37e Atl-Traceid: - - a1e1283fe98b4d6dbae3937e0976310c + - 9616222e825c41129794ec251ba1e37e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -831,7 +972,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:34 GMT + - Sat, 24 May 2025 10:34:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -841,7 +982,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="tEhyPP6uC4F14S0o7RrkFfXNPILFJE4mzVOZH3CZ7W79CpPTbjDPTg==",cdn-downstream-fbl;dur=403,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=400,atl-edge;dur=312,atl-edge-internal;dur=18,atl-edge-upstream;dur=295,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=275,atl-edge-internal;dur=17,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="r_Gs2XAKJdT3shd4Agu7ogoh55YcdP6xQke4e6EsEj1_PHU4oleUlg==",cdn-downstream-fbl;dur=288 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -851,110 +992,51 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6bddabf0adf0131ec8169647c939d30c.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tEhyPP6uC4F14S0o7RrkFfXNPILFJE4mzVOZH3CZ7W79CpPTbjDPTg== + - r_Gs2XAKJdT3shd4Agu7ogoh55YcdP6xQke4e6EsEj1_PHU4oleUlg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 110b5c232b1bf776affc77b9f0d73e18 + - 79444fc8008cda80d5ecc9d157b67ebb X-Cache: - Miss from cloudfront - X-Content-Type-Options: - - nosniff - X-Xss-Protection: - - 1; mode=block - status: - code: 200 - message: OK -- request: - body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, - "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of - Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/17] in [Security - How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/304] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/302] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < - 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= - 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/304]\n*Defect - Dojo link:* http://localhost:8080/finding/304 (304)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst - sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] - = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n - Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= - 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 - || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < - 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n - Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: 
Update to version 2.11.2 - or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: - Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 - or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions - 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version - 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/302]\n*Defect Dojo link:* http://localhost:8080/finding/302 - (302)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs when - the remote database or query specifies a crafted column name. \n\nThere are - two specific scenarios in which it is likely for an application to be vulnerable:\n1. - The application executes unsafe, user-supplied sql which contains malicious - column names.\n2. 
The application connects to an untrusted database and executes - a query returning results which contain a malicious column name.\n\n## Proof - of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst - sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] - = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n - Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= - 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || - >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 - || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < - 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 - < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n - Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 - or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: - Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 - or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions - 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version - 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/945] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/338]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/338]\n*Defect + Dojo link:* http://localhost:8080/finding/338 (338)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 
@@ -965,7 +1047,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6804' + - '2139' Content-Type: - application/json User-Agent: @@ -974,12 +1056,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18245","key":"NTEST-1875","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18245"}' + string: '{"id":"19684","key":"NTEST-3012","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19684"}' headers: Atl-Request-Id: - - 182c5f75-47b8-4b3b-bcf8-c4c5c4ec16fc + - aadacc92-4f53-44a5-9eba-e0d670ac375e Atl-Traceid: - - 182c5f7547b84b3bbcf8c4c5c4ec16fc + - aadacc924f5344a59ebae0d670ac375e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -987,7 +1069,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:35 GMT + - Sat, 24 May 2025 10:34:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -997,7 +1079,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=795,atl-edge;dur=761,atl-edge-internal;dur=15,atl-edge-upstream;dur=747,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="g5n1YhJwNk_J5x3Ut11XG38kJ7xXtsBUlkZ_URnphEOLxygrMPUb2Q==",cdn-downstream-fbl;dur=800 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=792,atl-edge;dur=784,atl-edge-internal;dur=15,atl-edge-upstream;dur=769,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Duu0UxSfCbSLxjiE3_LGHxo8YB9Ymb4_hqMbVXGJF0SMrUZ1xTBwDQ==",cdn-downstream-fbl;dur=795 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1007,15 +1089,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - g5n1YhJwNk_J5x3Ut11XG38kJ7xXtsBUlkZ_URnphEOLxygrMPUb2Q== + - Duu0UxSfCbSLxjiE3_LGHxo8YB9Ymb4_hqMbVXGJF0SMrUZ1xTBwDQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 03cf72a0652aee65d7b7bc0f5c4c5f3b + - 38413cced5327f7fe8cce72d5b45ef9a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1041,103 +1123,43 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1875 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3012 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18245","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18245","key":"NTEST-1875","fields":{"statuscategorychangedate":"2025-04-30T18:27:35.017+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19684","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19684","key":"NTEST-3012","fields":{"statuscategorychangedate":"2025-05-24T12:34:34.834+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1875/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:34.699+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t73:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:34.802+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3012/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:34.473+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010kf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:34.571+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/17] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/945] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/304] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/302] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/304]\n*Defect - Dojo link:* http://localhost:8080/finding/304 (304)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: 
Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/302]\n*Defect Dojo link:* - http://localhost:8080/finding/302 (302)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. 
The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/338]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/338]\n*Defect + Dojo link:* http://localhost:8080/finding/338 (338)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials
%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1875/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18245/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3012/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19684/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
bc3bd91e-7e1d-481c-b81d-0f4a6aa73e4c + - 7c827542-78a7-44ea-98d4-1dc555a6021e Atl-Traceid: - - bc3bd91e7e1d481cb81d0f4a6aa73e4c + - 7c82754278a744ea98d41dc555a6021e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1147,7 +1169,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:35 GMT + - Sat, 24 May 2025 10:34:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1157,7 +1179,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=288,atl-edge;dur=255,atl-edge-internal;dur=15,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HgDDDid2g2ZaPeisolkaeNd2cNffQe0kHds_oh_L3HdI-ZIbi7j_pg==",cdn-downstream-fbl;dur=292 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0QVce02hHs0bfFsIVy-2PmNIJJdUx8p0DZK85YEee_YF_B2sZisdMw==",cdn-downstream-fbl;dur=240,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=237,atl-edge;dur=207,atl-edge-internal;dur=15,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1167,15 +1189,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HgDDDid2g2ZaPeisolkaeNd2cNffQe0kHds_oh_L3HdI-ZIbi7j_pg== + - 0QVce02hHs0bfFsIVy-2PmNIJJdUx8p0DZK85YEee_YF_B2sZisdMw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - bceb78bdc96d08f4822d2fbfc11276a6 + - 395beb814c9fb028b0e653aaed72c8e8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1201,103 +1223,43 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18245 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19684 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18245","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18245","key":"NTEST-1875","fields":{"statuscategorychangedate":"2025-04-30T18:27:35.017+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19684","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19684","key":"NTEST-3012","fields":{"statuscategorychangedate":"2025-05-24T12:34:34.834+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1875/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:34.699+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t73:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:34.802+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3012/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:34.473+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010kf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:34.571+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/17] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/945] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/304] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote - Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < - 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= - 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/302] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/304]\n*Defect - Dojo link:* http://localhost:8080/finding/304 (304)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: 
Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/302]\n*Defect Dojo link:* - http://localhost:8080/finding/302 (302)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected - versions of `pg` contain a remote code execution vulnerability that occurs - when the remote database or query specifies a crafted column name. \n\nThere - are two specific scenarios in which it is likely for an application to be - vulnerable:\n1. The application executes unsafe, user-supplied sql which contains - malicious column names.\n2. 
The application connects to an untrusted database - and executes a query returning results which contain a malicious column name.\n\n## - Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = - new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 - AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, - (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable - Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < - 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 - < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched - Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 - < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= - 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable - Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* - Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update - to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* - Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update - to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are - also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 
22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/338]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/338]\n*Defect + Dojo link:* http://localhost:8080/finding/338 (338)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service + when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials
%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1875/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18245/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3012/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19684/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
b41e56f1-8b6c-4165-a34a-ab769db876f9 + - 0b58cc8f-43c5-42fd-9e4b-060827424e77 Atl-Traceid: - - b41e56f18b6c4165a34aab769db876f9 + - 0b58cc8f43c542fd9e4b060827424e77 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1307,7 +1269,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:36 GMT + - Sat, 24 May 2025 10:34:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1317,7 +1279,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="w1-JJZnbFW-2RtQ0Td6dzqG0JDf3W3dcA8HK92VElQwcTY2vuuPxOQ==",cdn-downstream-fbl;dur=353,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=350,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=209,atl-edge;dur=202,atl-edge-internal;dur=17,atl-edge-upstream;dur=185,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="d6YGnovmOlOXsYN3MTMcDTRzW7gfzlkzKWE4rVIAaLmDzRKgsM6L4Q==",cdn-downstream-fbl;dur=213 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1327,15 +1289,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48f2e5da4dd7651bfa3bfd0054610cf4.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - w1-JJZnbFW-2RtQ0Td6dzqG0JDf3W3dcA8HK92VElQwcTY2vuuPxOQ== + - d6YGnovmOlOXsYN3MTMcDTRzW7gfzlkzKWE4rVIAaLmDzRKgsM6L4Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 7ce8a965d50fc8d970836eca165cfa92 + - 884bf303d89421f2b3912aad3ced77b0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
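Review bot: The `X-Aaccountid` value recorded in this hunk looks like the recording developer's real Atlassian account id, and the same re-recording puts that account's `emailAddress`, `accountId` and avatar hash into the response bodies elsewhere in this cassette (the later hunks at -1399, -1477 and -1572 repeat the header). Replay is unlikely to depend on these values, so they are better replaced with fixed placeholders at record time. If the cassettes are written by vcrpy, as the `interactions:` layout suggests, a `before_record_response` hook can rewrite the header and the body fields before they reach disk. That would also stop these lines from changing every time a different maintainer re-records. Whether request-side credentials are already filtered is not visible in this part of the diff, so that is worth confirming in the test setup as well.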
@@ -1364,12 +1326,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:36.361+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:35.729+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 9ed5d0be-3c7f-4c1f-9ffc-5dd4a24c5ef4 + - c8383688-ae09-42a5-ad6f-5f3e5a076f5d Atl-Traceid: - - 9ed5d0be3c7f4c1f9ffc5dd4a24c5ef4 + - c8383688ae0942a5ad6f5f3e5a076f5d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1379,7 +1341,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:36 GMT + - Sat, 24 May 2025 10:34:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1389,7 +1351,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=178,atl-edge;dur=146,atl-edge-internal;dur=14,atl-edge-upstream;dur=131,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="EE9pqCEB9qboGN7XPtAx6IWHCrtILBPOpYY4DoXGmDu_V0WVKfzOgg==",cdn-downstream-fbl;dur=182 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=99,atl-edge-internal;dur=16,atl-edge-upstream;dur=83,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7Xy1Ij-kv_k1Xfn_oXS1DeKrU4AkUkX4AkJiEFDhssPcyXWYW-6qsg==",cdn-downstream-fbl;dur=112 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1399,15 +1361,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - EE9pqCEB9qboGN7XPtAx6IWHCrtILBPOpYY4DoXGmDu_V0WVKfzOgg== + - 7Xy1Ij-kv_k1Xfn_oXS1DeKrU4AkUkX4AkJiEFDhssPcyXWYW-6qsg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 54b675481d07fed9918125775e218323 + - d831f978ad908e9cc7dd6903c376ad49 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1445,9 +1407,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - bdc682c2-28ea-4bec-9915-f7b9959d342e + - c1262098-3c58-4e1b-87c5-c9731803e301 Atl-Traceid: - - bdc682c228ea4bec9915f7b9959d342e + - c12620983c584e1b87c5c9731803e301 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1457,7 +1419,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:36 GMT + - Sat, 24 May 2025 10:34:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1467,7 +1429,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="E_QLL7dGDF9_uslHbuL1mS_ASJNOhLBFS_JGgUbfY3JOKDZDqXCvoQ==",cdn-downstream-fbl;dur=436,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=78,cdn-upstream-fbl;dur=433,atl-edge;dur=332,atl-edge-internal;dur=16,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=259,atl-edge-internal;dur=18,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CE1-_g9-7BC17uci4T4LxxBelj3DnZ6EgGRwceaPjgIPoTx4rUeo3A==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1477,18 +1439,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b376080c70ff0aef5ae83cd4d75e16d0.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - E_QLL7dGDF9_uslHbuL1mS_ASJNOhLBFS_JGgUbfY3JOKDZDqXCvoQ== + - CE1-_g9-7BC17uci4T4LxxBelj3DnZ6EgGRwceaPjgIPoTx4rUeo3A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - d99f2d1490d026bae8c74ea57ae000cd + - 5f8d3906993eac6fa46bc24d6db3d5ea X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1500,25 +1462,42 @@ interactions: message: OK - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, - "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group - of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/18] in [Security - How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/303] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/303]\n*Defect - Dojo link:* http://localhost:8080/finding/303 (303)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source - File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service when - parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or - later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + "summary": 
"Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/943] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/336]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/335]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/336]\n*Defect Dojo link:* http://localhost:8080/finding/336 + (336)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/335]\n*Defect + Dojo link:* http://localhost:8080/finding/335 (335)\n*Severity:* Medium\n *Due + Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -1530,7 +1509,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1945' + - '3511' Content-Type: - application/json User-Agent: @@ -1539,12 +1518,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18247","key":"NTEST-1876","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18247"}' + string: '{"id":"19685","key":"NTEST-3013","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19685"}' headers: Atl-Request-Id: - - 0aa8d30f-d83d-413f-99cc-85b50659953a + - d5d9c24f-e86a-4503-9b58-fa2840189f27 Atl-Traceid: - - 0aa8d30fd83d413f99cc85b50659953a + - d5d9c24fe86a45039b58fa2840189f27 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1552,7 +1531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:37 GMT + - Sat, 24 May 2025 10:34:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1562,7 +1541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Hr64e59qbEpYbac__zivnASyO8IjrakkJPyFvI1QjoEko9Jp3fT_BA==",cdn-downstream-fbl;dur=850,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=94,cdn-upstream-fbl;dur=846,atl-edge;dur=720,atl-edge-internal;dur=18,atl-edge-upstream;dur=701,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=735,atl-edge;dur=727,atl-edge-internal;dur=16,atl-edge-upstream;dur=711,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Hlkm3Mn9eun96Wj0Gdx1-ajkG2bvwL67XyvXXgriXT5bhqWQko2jVw==",cdn-downstream-fbl;dur=739 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1572,15 +1551,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Hr64e59qbEpYbac__zivnASyO8IjrakkJPyFvI1QjoEko9Jp3fT_BA== + - Hlkm3Mn9eun96Wj0Gdx1-ajkG2bvwL67XyvXXgriXT5bhqWQko2jVw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a356cc2986ba40d1ba69f6ffd7ac7396 + - e0e984f6cd21147a6dbd52a3f2856cca X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1606,41 +1585,58 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1876 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3013 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18247","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18247","key":"NTEST-1876","fields":{"statuscategorychangedate":"2025-04-30T18:27:37.802+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19685","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19685","key":"NTEST-3013","fields":{"statuscategorychangedate":"2025-05-24T12:34:36.857+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1876/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:37.513+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:37.600+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3013/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:36.519+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010kn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:36.606+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/18] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/943] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/303] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/303]\n*Defect - Dojo link:* http://localhost:8080/finding/303 (303)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source - File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service - when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/336]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/335]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/336]\n*Defect Dojo link:* http://localhost:8080/finding/336 + (336)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/335]\n*Defect + Dojo link:* http://localhost:8080/finding/335 (335)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finiti
als%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1876/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18247/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3013/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19685/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
31b7b112-a7ee-4a1d-b50d-fb09a3e4b719 + - f4e5f3ab-e08e-4316-9f92-f4672b6edd97 Atl-Traceid: - - 31b7b112a7ee4a1db50dfb09a3e4b719 + - f4e5f3abe08e43169f92f4672b6edd97 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1650,7 +1646,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:38 GMT + - Sat, 24 May 2025 10:34:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1660,7 +1656,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=358,atl-edge;dur=325,atl-edge-internal;dur=30,atl-edge-upstream;dur=293,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="WtJ5N-ptg8QzYkXWBqEN7b8_jrnvk7JOWieIjqKsSIZcKTEsAYISRQ==",cdn-downstream-fbl;dur=362 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=233,atl-edge;dur=225,atl-edge-internal;dur=16,atl-edge-upstream;dur=209,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UX9OVT8I9Ooy7i_d7CUjbuIK-dnCG0MW5jo7eBho2BlZiNrdIcPmPg==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1670,15 +1666,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WtJ5N-ptg8QzYkXWBqEN7b8_jrnvk7JOWieIjqKsSIZcKTEsAYISRQ== + - UX9OVT8I9Ooy7i_d7CUjbuIK-dnCG0MW5jo7eBho2BlZiNrdIcPmPg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f1b89f051b97500b6158dd3008e91180 + - 98fed1c41405bebf9e82272666274ad9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1704,41 +1700,58 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18247 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19685 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18247","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18247","key":"NTEST-1876","fields":{"statuscategorychangedate":"2025-04-30T18:27:37.802+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19685","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19685","key":"NTEST-3013","fields":{"statuscategorychangedate":"2025-05-24T12:34:36.857+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1876/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:37.513+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:37.600+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3013/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:36.519+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010kn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:36.606+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/18] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/943] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/113]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/303] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/303]\n*Defect - Dojo link:* http://localhost:8080/finding/303 (303)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] - \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source - File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected - versions of `fresh` are vulnerable to regular expression denial of service - when parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable - Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n - CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 - or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + / [NPM Audit Scan|http://localhost:8080/test/120]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/336]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/335]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/336]\n*Defect Dojo link:* http://localhost:8080/finding/336 + (336)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/335]\n*Defect + Dojo link:* http://localhost:8080/finding/335 (335)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finiti
als%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1876/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18247/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3013/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19685/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
9c98cc3f-6dba-49aa-9c63-ab6bf306c3ff + - e026eda6-7cff-47b2-93c4-8ea9c2a5c637 Atl-Traceid: - - 9c98cc3f6dba49aa9c63ab6bf306c3ff + - e026eda67cff47b293c48ea9c2a5c637 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1748,7 +1761,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:38 GMT + - Sat, 24 May 2025 10:34:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1758,7 +1771,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="tKxZ9TAbnt_DXTEpngro8iDybGCka0m2nsNT8hsPWA5lu5g9YyERsA==",cdn-downstream-fbl;dur=402,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=399,atl-edge;dur=315,atl-edge-internal;dur=26,atl-edge-upstream;dur=290,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=244,atl-edge;dur=236,atl-edge-internal;dur=17,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="v6bZg2S536dFH-PwtQ6RCY_v7yOwC0m_2peRFm1_269BjR7Ld-L5ug==",cdn-downstream-fbl;dur=248 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1768,15 +1781,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 41e9e91568ab5e34cd26bd32ceb4035e.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tKxZ9TAbnt_DXTEpngro8iDybGCka0m2nsNT8hsPWA5lu5g9YyERsA== + - v6bZg2S536dFH-PwtQ6RCY_v7yOwC0m_2peRFm1_269BjR7Ld-L5ug== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - bfb4ea49bf33b943d56527381720b51a + - 18f48d632ccdb922f86aef08c0fa9f1e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
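Review bot: The re-recorded Jira response body in this hunk stores a maintainer's `emailAddress`, Atlassian `accountId` and Gravatar avatar URLs in the `creator` and `reporter` objects, and the `X-Aaccountid` header in the hunks that follow repeats the account id. The webhook interaction further down shows a masked credential (`Token xxx`), so response data deserves the same treatment. If the cassette is recorded with vcrpy, a `before_record_response` hook could rewrite those fields to fixed placeholders such as `"emailAddress":"jira-user@example.invalid"` (constructed value). The earlier response body in this file carries the same fields. Scrubbing them would also remove most of the churn each time a different person re-records the cassette.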
@@ -1787,34 +1800,7 @@ interactions: code: 200 message: OK - request: - body: '{"description": "Event scan_added_empty has occurred.", "title": "Created/Updated - 0 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/", - "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", - "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": - "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": - "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter - Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": - "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 113, "url_ui": "http://localhost:8080/test/113", "url_api": "http://localhost:8080/api/v2/tests/113/"}, - "finding_count": 0, "findings": {"new": [], "reactivated": [], "mitigated": - [], "untouched": [{"id": 304, "title": "2222Remote Code Execution - (Pg, < 2.11.2 - || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 - || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/304", - "url_api": "http://localhost:8080/api/v2/findings/304/"}, {"id": 300, "title": - "Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/300", "url_api": "http://localhost:8080/api/v2/findings/300/"}, - {"id": 301, "title": "2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/301", - "url_api": "http://localhost:8080/api/v2/findings/301/"}, {"id": 302, "title": - "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 
4.5.7 - || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 - || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "High", "url_ui": "http://localhost:8080/finding/302", "url_api": - "http://localhost:8080/api/v2/findings/302/"}, {"id": 303, "title": "Regular - Expression Denial of Service - (Fresh, < 0.5.2)", "severity": "High", "url_ui": - "http://localhost:8080/finding/303", "url_api": "http://localhost:8080/api/v2/findings/303/"}]}}' + body: '"scan_added.tpl"' headers: Accept: - application/json @@ -1825,11 +1811,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2378' + - '16' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added_empty X-DefectDojo-Instance: 
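Review bot: The recorded webhook request body shrinks here from the full `scan_added_empty` JSON payload to `body: '"scan_added.tpl"'`, and `Content-Length` drops to `'16'` in the next hunk. The new value reads like a template file name rather than rendered notification content. If the instance really sent that while recording, the cassette pins a payload that a receiver cannot interpret as an event, and the test no longer checks the payload shape. Please confirm that the recording environment resolved the webhook template correctly, and re-record this interaction if it did not. The echoed response for this request continues outside the hunk.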
@@ -1841,95 +1827,25 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"16\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added_empty\"\n ],\n \"X-Defectdojo-Instance\": [\n \ \"http://localhost:8080\"\n ]\n },\n \"method\": \"POST\",\n \"origin\": - \"172.18.0.9:35094\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n - \ \"data\": \"{\\\"description\\\": \\\"Event scan_added_empty has occurred.\\\", - \\\"title\\\": \\\"Created/Updated 0 findings for Security How-to: 1st Quarter - Engagement: NPM Audit Scan\\\", \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\", \\\"product_type\\\": - {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": - {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": - {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": - \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 113, \\\"url_ui\\\": \\\"http://localhost:8080/test/113\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/113/\\\"}, 
\\\"finding_count\\\": - 0, \\\"findings\\\": {\\\"new\\\": [], \\\"reactivated\\\": [], \\\"mitigated\\\": - [], \\\"untouched\\\": [{\\\"id\\\": 304, \\\"title\\\": \\\"2222Remote Code - Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 - < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= - 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/304\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/304/\\\"}, {\\\"id\\\": - 300, \\\"title\\\": \\\"Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/300\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/300/\\\"}, {\\\"id\\\": - 301, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/301\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/301/\\\"}, {\\\"id\\\": - 302, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/302\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/302/\\\"}, {\\\"id\\\": 303, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/303\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/303/\\\"}]}}\",\n \"files\": {},\n - \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added_empty - has occurred.\",\n \"engagement\": {\n 
\"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n - \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": - 0,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [],\n \"reactivated\": - [],\n \"untouched\": [\n {\n \"id\": 304,\n \"severity\": - \"High\",\n \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 - || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < - 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 - < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/304/\",\n \"url_ui\": \"http://localhost:8080/finding/304\"\n - \ },\n {\n \"id\": 300,\n \"severity\": \"High\",\n - \ \"title\": \"Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/300/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/300\"\n },\n - \ {\n \"id\": 301,\n \"severity\": \"High\",\n \"title\": - \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/301/\",\n \"url_ui\": \"http://localhost:8080/finding/301\"\n - \ },\n {\n \"id\": 302,\n \"severity\": \"High\",\n - \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < - 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= - 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/302/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/302\"\n },\n - \ {\n \"id\": 303,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/303/\",\n \"url_ui\": \"http://localhost:8080/finding/303\"\n - \ }\n ]\n },\n \"product\": {\n \"id\": 2,\n \"name\": - 
\"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": - {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n - \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": - {\n \"id\": 113,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n - \ \"url_ui\": \"http://localhost:8080/test/113\"\n },\n \"title\": - \"Created/Updated 0 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/113/\",\n - \ \"url_ui\": \"http://localhost:8080/test/113\",\n \"user\": null\n - \ }\n}\n" + \"10.250.1.6:45568\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n + \ \"data\": \"\\\"scan_added.tpl\\\"\",\n \"files\": {},\n \"form\": {},\n + \ \"json\": \"scan_added.tpl\"\n}\n" headers: Access-Control-Allow-Credentials: - 'true' Access-Control-Allow-Origin: - '*' + Content-Length: + - '738' Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:39 GMT - Transfer-Encoding: - - chunked + - Sat, 24 May 2025 10:34:35 GMT status: code: 200 message: OK diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml index edc29cb9300..161e35dec3d 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:39.547+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:38.156+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 22e569f7-385b-4f6e-9a5b-03e5f1362960 + - a361d84b-c2ba-4b60-b3b7-560caf63bd71 Atl-Traceid: - - 22e569f7385b4f6e9a5b03e5f1362960 + - a361d84bc2ba4b60b3b7560caf63bd71 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:39 GMT + - Sat, 24 May 2025 10:34:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="mPdu8bp4MdMyha7V2FJl-ZNt-5W4zTarTUtmyiF1scM6qrfOCspumQ==",cdn-downstream-fbl;dur=238,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=235,atl-edge;dur=162,atl-edge-internal;dur=12,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=17,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="oQI_wYWHNS0v9U_fNQw8Ooky2eiEntV4_oDgiiYB3TNbrrFIqZPUGQ==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 51e6f466f192ce588105b138cebcc0d0.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mPdu8bp4MdMyha7V2FJl-ZNt-5W4zTarTUtmyiF1scM6qrfOCspumQ== + - oQI_wYWHNS0v9U_fNQw8Ooky2eiEntV4_oDgiiYB3TNbrrFIqZPUGQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6ec127ca5a30dfa52f009cc3578e0e09 + - 5d5573d0428db0ec4068ae51210f6595 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
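Review bot: The response header `X-Aaccountid` is recorded here with what looks like a live Atlassian account identifier, and again in the `@@ -131,18 +131,18 @@` and `@@ -242,15 +243,15 @@` hunks, although the request side of the preceding cassette is already scrubbed (`Auth: Token xxx`). The recording configuration is not visible in this diff, so this is inferred, but response headers appear to be stored unfiltered. I would mask tenant- and request-specific response headers at record time, for instance with a vcrpy `before_record_response` hook that replaces `X-Aaccountid`, `Atl-Traceid`, `Atl-Request-Id` and `X-Amz-Cf-Id` with a fixed placeholder. That keeps account identifiers out of the repository and makes future cassette refreshes much smaller to review.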
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 0aeb5128-29ed-41c8-a67a-734c0091c63b + - e75843b5-ea22-4e22-8d3e-eefb6163d7e1 Atl-Traceid: - - 0aeb512829ed41c8a67a734c0091c63b + - e75843b5ea224e228d3eeefb6163d7e1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:40 GMT + - Sat, 24 May 2025 10:34:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="acF3SD5Vhs2pY6M39XCoTbQbkSYS07DaiZ82zrNEd2y7azvml2Ii0w==",cdn-downstream-fbl;dur=407,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=404,atl-edge;dur=320,atl-edge-internal;dur=15,atl-edge-upstream;dur=305,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=300,atl-edge;dur=292,atl-edge-internal;dur=21,atl-edge-upstream;dur=271,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Mo2JpfA-0NU8SlBVP61goUvve-dRNnXxzbquLz1VeVfbj4lkuZYTtA==",cdn-downstream-fbl;dur=304 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 64d5385c423c2207e3680beec4636de8.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - acF3SD5Vhs2pY6M39XCoTbQbkSYS07DaiZ82zrNEd2y7azvml2Ii0w== + - Mo2JpfA-0NU8SlBVP61goUvve-dRNnXxzbquLz1VeVfbj4lkuZYTtA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - f9661197886284abcd5a57e72b171ba4 + - c00d2be744b9d39e4d9f4d4b799a0536 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/19] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/946] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/306] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/305] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/341]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/340]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/306]\n*Defect Dojo link:* http://localhost:8080/finding/306 - (306)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/341]\n*Defect Dojo link:* http://localhost:8080/finding/341 + (341)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/305]\n*Defect - Dojo link:* http://localhost:8080/finding/305 (305)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/340]\n*Defect + Dojo link:* http://localhost:8080/finding/340 (340)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3334' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18249","key":"NTEST-1877","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18249"}' + string: '{"id":"19686","key":"NTEST-3014","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19686"}' headers: Atl-Request-Id: - - f54c7f7c-4655-41f2-b4cc-0354edb2fb06 + - 07d3d1db-93bc-41af-809c-087751bf87bc Atl-Traceid: - - f54c7f7c465541f2b4cc0354edb2fb06 + - 07d3d1db93bc41af809c087751bf87bc Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:41 GMT + - Sat, 24 May 2025 10:34:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="-cI6Gs3UUJFSsVyeXYh_Mql-8IT-jMnqpt9tCAYG1Vwd5ELLpvvNYQ==",cdn-downstream-fbl;dur=821,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=817,atl-edge;dur=741,atl-edge-internal;dur=17,atl-edge-upstream;dur=725,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=684,atl-edge;dur=677,atl-edge-internal;dur=19,atl-edge-upstream;dur=657,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HEyEFBWTeQ1Pi9x0LEf8-OnQxVUGrHhLWkV9ktUkf6E9rVqyOm4bHg==",cdn-downstream-fbl;dur=688 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2bdfafaaaec33c116889588ecd9de280.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -cI6Gs3UUJFSsVyeXYh_Mql-8IT-jMnqpt9tCAYG1Vwd5ELLpvvNYQ== + - HEyEFBWTeQ1Pi9x0LEf8-OnQxVUGrHhLWkV9ktUkf6E9rVqyOm4bHg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 47a4dd8e1868ed95d9543a04826e4a17 + - 2c6ab81c780673e8c6c089a5daf484c8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1877 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3014 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18249","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18249","key":"NTEST-1877","fields":{"statuscategorychangedate":"2025-04-30T18:27:41.112+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19686","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19686","key":"NTEST-3014","fields":{"statuscategorychangedate":"2025-05-24T12:34:39.280+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1877/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:40.779+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:40.868+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3014/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:38.982+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010kv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:39.060+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/19] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/946] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/306] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/305] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/341]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/340]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/306]\n*Defect Dojo link:* http://localhost:8080/finding/306 - (306)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/341]\n*Defect Dojo link:* http://localhost:8080/finding/341 + (341)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/305]\n*Defect - Dojo link:* http://localhost:8080/finding/305 (305)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/340]\n*Defect + Dojo link:* http://localhost:8080/finding/340 (340)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1877/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18249/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3014/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19686/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 48eec609-0952-4ecc-889b-d6bb1787740e + - fec1b9a8-eda0-4f06-9fbd-9cba8da7acd2 Atl-Traceid: - - 48eec60909524ecc889bd6bb1787740e + - fec1b9a8eda04f069fbd9cba8da7acd2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:41 GMT + - Sat, 24 May 2025 10:34:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
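Review bot: The re-recorded Jira response in the `@@ -319,14 +321,14 @@` hunk still commits a real account identity to the fixture: the `creator` and `reporter` objects carry an `emailAddress`, an Atlassian `accountId` and per-user Gravatar URLs. The same account id recurs in the `X-Aaccountid` response header of the following hunks (`@@ -356,15 +358,15 @@`, `@@ -433,14 +436,14 @@`, `@@ -470,15 +473,15 @@` and later repeats). The recording setup is not visible on this page, but if the cassette is produced with vcrpy, a `before_record_response` hook that overwrites these body fields and that header with fixed placeholders would keep personal identifiers out of the repository. It would also stop each re-recording from rewriting these lines. `filter_headers` alone would not be enough, since it only scrubs request headers; the recorded body string itself begins before this hunk.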
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=279,atl-edge-internal;dur=16,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="obgnaWbQq2z4NLJsfNGBeCyDVf-zV-wZDhBgrE4E38JU7rSoO4w6nQ==",cdn-downstream-fbl;dur=316 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=266,atl-edge-internal;dur=17,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="g1xdl-b8H2VvTXq_98iM9ukSpID9SzABwCYd2jYpoklIWQveiQxTcA==",cdn-downstream-fbl;dur=278 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - obgnaWbQq2z4NLJsfNGBeCyDVf-zV-wZDhBgrE4E38JU7rSoO4w6nQ== + - g1xdl-b8H2VvTXq_98iM9ukSpID9SzABwCYd2jYpoklIWQveiQxTcA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 08b8a9b9e4d1a6407596bd021d72edf7 + - 29ddb8abcb71c76bbe4ec4ee4a24bf3b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18249 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19686 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18249","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18249","key":"NTEST-1877","fields":{"statuscategorychangedate":"2025-04-30T18:27:41.112+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19686","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19686","key":"NTEST-3014","fields":{"statuscategorychangedate":"2025-05-24T12:34:39.280+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1877/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:40.779+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:40.868+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3014/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:38.982+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010kv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:39.060+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/19] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/946] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/306] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/305] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/341]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/340]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/306]\n*Defect Dojo link:* http://localhost:8080/finding/306 - (306)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/341]\n*Defect Dojo link:* http://localhost:8080/finding/341 + (341)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/305]\n*Defect - Dojo link:* http://localhost:8080/finding/305 (305)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/340]\n*Defect + Dojo link:* http://localhost:8080/finding/340 (340)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1877/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18249/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3014/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19686/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 9851bcff-002d-49d8-aaf1-7c35a97c6c44 + - 1353933b-25ae-42fb-8a58-9dddd59d6477 Atl-Traceid: - - 9851bcff002d49d8aaf17c35a97c6c44 + - 1353933b25ae42fb8a589dddd59d6477 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:42 GMT + - Sat, 24 May 2025 10:34:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=23,cdn-upstream-fbl;dur=362,atl-edge;dur=266,atl-edge-internal;dur=21,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="pi-juRiGU0V9yuhgRvBY7p-feFuUUmk9ifR1csfYnp5uvpwtQwydRw==",cdn-downstream-fbl;dur=365 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=239,atl-edge-internal;dur=15,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="5-TGxgq_QHFjKXwl-KU-b7XFHzbWmvUZ6gxZMmnw6gZLLLJdKpbLWg==",cdn-downstream-fbl;dur=251 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - pi-juRiGU0V9yuhgRvBY7p-feFuUUmk9ifR1csfYnp5uvpwtQwydRw== + - 5-TGxgq_QHFjKXwl-KU-b7XFHzbWmvUZ6gxZMmnw6gZLLLJdKpbLWg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 653d6f8369b3d73e348a3829dd3fd2ff + - af3550611d957b0d6b03cbb512263ec6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:42.646+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:40.238+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2eff8508-6ef1-4286-8a3d-d0e026deaea9 + - 2d344c6d-9628-4539-9ab5-e7b010fc13c7 Atl-Traceid: - - 2eff85086ef142868a3dd0e026deaea9 + - 2d344c6d962845399ab5e7b010fc13c7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:42 GMT + - Sat, 24 May 2025 10:34:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="id--yAbDe91lnYitZtH6HTqj_9DlGheB48sRCToJQ3gA1JF31irYxQ==",cdn-downstream-fbl;dur=247,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=245,atl-edge;dur=167,atl-edge-internal;dur=17,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=110,atl-edge-internal;dur=16,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="bQrhb6F3s_Ka0o_X6vRftDS1-dcOc7wufZAIxq8a74CD6CTN__N1Wg==",cdn-downstream-fbl;dur=122 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c4fd63432996b55c90ff4db02c11a616.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - id--yAbDe91lnYitZtH6HTqj_9DlGheB48sRCToJQ3gA1JF31irYxQ== + - bQrhb6F3s_Ka0o_X6vRftDS1-dcOc7wufZAIxq8a74CD6CTN__N1Wg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - b5575a54bf9165a972bafdc613f45089 + - 980f6f5a39577d971c7f318508f1eb5a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 09b098a7-8e58-4859-a7d5-ed9369e63b0a + - cdeaa4c6-0710-4753-aa63-e1be776cf099 Atl-Traceid: - - 09b098a78e584859a7d5ed9369e63b0a + - cdeaa4c607104753aa63e1be776cf099 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:43 GMT + - Sat, 24 May 2025 10:34:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="jdLPkODPw2YOWWu4Vwz8KO0mqjxa0AoUk8-KJsh2CrgxcdA6mZQdXw==",cdn-downstream-fbl;dur=426,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=423,atl-edge;dur=338,atl-edge-internal;dur=17,atl-edge-upstream;dur=321,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=245,atl-edge;dur=238,atl-edge-internal;dur=18,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="RjesC3aQXnTd8ySIl7Y2mw0BeO9vqXoYUboYOzejrvIXwmY83Ys0iw==",cdn-downstream-fbl;dur=249 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 603f7fca6e96da4aaee2b5219f231c92.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jdLPkODPw2YOWWu4Vwz8KO0mqjxa0AoUk8-KJsh2CrgxcdA6mZQdXw== + - RjesC3aQXnTd8ySIl7Y2mw0BeO9vqXoYUboYOzejrvIXwmY83Ys0iw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 9efb1380b51343144c42ba56c399da3f + - a99b02f193bcf9edb384b5c4d635ba9c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,30 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/20] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/947] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/309] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/342]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/307] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/344]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/309]\n*Defect - Dojo link:* http://localhost:8080/finding/309 (309)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/342]\n*Defect + Dojo link:* http://localhost:8080/finding/342 (342)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
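Review bot: The recorded description in this hunk shows two rendering oddities that presumably come from the finding-group template rather than from this cassette. The criteria text reads `matching the Active, and Severity criteria`, which looks like a list with an empty element, and the `Findings *not* matching …` section emits its table header row even though no rows follow. If that is not intended, the template could skip the second section when its list is empty and join only the criteria that are set. Once the cassette is merged, the test replaying it will pin this exact text, so it is cheaper to settle the wording before re-recording.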
@@ -691,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/307]\n*Defect Dojo link:* http://localhost:8080/finding/307 - (307)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/344]\n*Defect Dojo link:* http://localhost:8080/finding/344 + (344)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -722,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -734,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6804' + - '6981' Content-Type: - application/json User-Agent: @@ -743,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18251","key":"NTEST-1878","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18251"}' + string: '{"id":"19687","key":"NTEST-3015","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19687"}' headers: Atl-Request-Id: - - e184f67e-39d3-4f60-9f9a-64881dbd5d8d + - 7dbfbb12-e290-48c7-90db-2f9df30e0d0c Atl-Traceid: - - e184f67e39d34f609f9a64881dbd5d8d + - 7dbfbb12e29048c790db2f9df30e0d0c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -756,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:44 GMT + - Sat, 24 May 2025 10:34:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -766,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=743,atl-edge;dur=709,atl-edge-internal;dur=17,atl-edge-upstream;dur=692,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="XODfq1_-A9in8WcSh5o2A0VvzoamNc22KeUj7bLFP4zQgOQLeedI9A==",cdn-downstream-fbl;dur=748 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=730,atl-edge;dur=723,atl-edge-internal;dur=15,atl-edge-upstream;dur=708,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="3ZqU0ZtNoeXTFngv_7Sdl1nlY-CDcZVxhYK4D3_IyUqsdl8xd9PQlg==",cdn-downstream-fbl;dur=736 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -776,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - XODfq1_-A9in8WcSh5o2A0VvzoamNc22KeUj7bLFP4zQgOQLeedI9A== + - 3ZqU0ZtNoeXTFngv_7Sdl1nlY-CDcZVxhYK4D3_IyUqsdl8xd9PQlg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6358a132d750b22fa388d1c15e29de61 + - 1eb912ae7c16faf7aa50592da429140e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -810,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1878 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3015 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18251","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18251","key":"NTEST-1878","fields":{"statuscategorychangedate":"2025-04-30T18:27:43.985+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19687","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19687","key":"NTEST-3015","fields":{"statuscategorychangedate":"2025-05-24T12:34:41.367+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1878/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:43.679+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:43.808+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3015/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:41.067+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010l3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:41.153+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/20] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/947] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/309] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/342]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/307] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/309]\n*Defect - Dojo link:* http://localhost:8080/finding/309 (309)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/344]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/342]\n*Defect + Dojo link:* http://localhost:8080/finding/342 (342)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -865,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/307]\n*Defect Dojo link:* - http://localhost:8080/finding/307 (307)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/344]\n*Defect + Dojo link:* http://localhost:8080/finding/344 (344)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -897,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1878/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18251/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3015/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19687/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5a292f05-f8cf-45ed-8bdf-fc6e13f95e84 + - ffe072bc-665f-4dd8-85a2-5627d67a7144 Atl-Traceid: - - 5a292f05f8cf45ed8bdffc6e13f95e84 + - ffe072bc665f4dd885a25627d67a7144 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -916,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:44 GMT + - Sat, 24 May 2025 10:34:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -926,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=313,atl-edge;dur=280,atl-edge-internal;dur=15,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Af98SSyZgcPXljGD_WCXltE2HL1S89VcF3Bp6gfDADcV_HkoFeKB9g==",cdn-downstream-fbl;dur=317 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cjdfEJrN0c4Tdav-iffFnR0oDjdazO53DO0bEEdzS8qGfUJQA_eRlg==",cdn-downstream-fbl;dur=253,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=251,atl-edge;dur=222,atl-edge-internal;dur=16,atl-edge-upstream;dur=206,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -936,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Af98SSyZgcPXljGD_WCXltE2HL1S89VcF3Bp6gfDADcV_HkoFeKB9g== + - cjdfEJrN0c4Tdav-iffFnR0oDjdazO53DO0bEEdzS8qGfUJQA_eRlg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b2af81dda0c0b05357632f11dc8be033 + - 38c57db498b26276129874d865410420 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -970,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18251 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19687 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18251","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18251","key":"NTEST-1878","fields":{"statuscategorychangedate":"2025-04-30T18:27:43.985+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19687","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19687","key":"NTEST-3015","fields":{"statuscategorychangedate":"2025-05-24T12:34:41.367+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1878/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:43.679+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:43.808+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3015/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:41.067+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010l3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:41.153+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/20] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/947] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/309] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/342]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/307] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/309]\n*Defect - Dojo link:* http://localhost:8080/finding/309 (309)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/344]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/342]\n*Defect + Dojo link:* http://localhost:8080/finding/342 (342)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1025,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/307]\n*Defect Dojo link:* - http://localhost:8080/finding/307 (307)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/344]\n*Defect + Dojo link:* http://localhost:8080/finding/344 (344)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1057,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1878/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18251/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3015/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19687/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 545565c1-3209-48e4-92ff-6ed501fe3de0 + - ce64017e-2c67-4693-965a-eb189233da6c Atl-Traceid: - - 545565c1320948e492ff6ed501fe3de0 + - ce64017e2c674693965aeb189233da6c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1076,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:45 GMT + - Sat, 24 May 2025 10:34:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
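Review bot: The re-recorded response body in this hunk stores the recording user's `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`, and the `X-Aaccountid` response header in the neighbouring header hunks carries the same account id. The commit swaps one person's identifiers for another's rather than removing them, so every re-record commits personal account data and produces diff noise. If these cassettes are recorded with vcrpy (the `interactions:` layout suggests so, but the recorder configuration is not visible here), a `before_record_response` hook could replace those body fields with fixed placeholders and drop `X-Aaccountid` before the cassette is written. Only the changed tail of the recorded string is visible in this hunk, so other fields of the body were not reviewed.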
@@ -1086,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="RxVF8tHAoXsQP8qQVU_cXsYayQY0Yt9oGpGb9JDcLTv_cnepZF2mwA==",cdn-downstream-fbl;dur=389,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=387,atl-edge;dur=301,atl-edge-internal;dur=18,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="97pje53tptblOT-7qQxzbFgOFbCkbPJ3LK4bGecb_emRJ2PYk6-e_w==",cdn-downstream-fbl;dur=242,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=240,atl-edge;dur=212,atl-edge-internal;dur=19,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1096,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f82a4020c8fc9b14a403737c65661074.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RxVF8tHAoXsQP8qQVU_cXsYayQY0Yt9oGpGb9JDcLTv_cnepZF2mwA== + - 97pje53tptblOT-7qQxzbFgOFbCkbPJ3LK4bGecb_emRJ2PYk6-e_w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - bc5e0d5d7467b2b8b29f46c91b1d2d38 + - 755d3c644c3c771e829f9e2045f898ee X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1133,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:45.538+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:42.292+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8b47a52d-2a03-4feb-9a48-f9b46a0a2c10 + - 55e93f77-1313-4b25-b7ec-a8519d5d7a9c Atl-Traceid: - - 8b47a52d2a034feb9a48f9b46a0a2c10 + - 55e93f7713134b25b7eca8519d5d7a9c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1148,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:45 GMT + - Sat, 24 May 2025 10:34:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1158,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=188,atl-edge;dur=154,atl-edge-internal;dur=16,atl-edge-upstream;dur=140,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="qqoTjaWIR-SJxObpq-93g685GesKJLWayrGC5b_SCIdIqGFg9Dim3w==",cdn-downstream-fbl;dur=192 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=108,atl-edge;dur=100,atl-edge-internal;dur=15,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Er183AWoy7Xm7MvQ08L6G5OLjM9u6xupGsdryQfD7KU3CHEQiFkeiA==",cdn-downstream-fbl;dur=111 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1168,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qqoTjaWIR-SJxObpq-93g685GesKJLWayrGC5b_SCIdIqGFg9Dim3w== + - Er183AWoy7Xm7MvQ08L6G5OLjM9u6xupGsdryQfD7KU3CHEQiFkeiA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 805763e00b0d71c4efc67fb17392c8d6 + - 09d9852320a2d9cf944bf161956952a5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1214,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f23aad1f-a8cb-48ab-9132-472db66de853 + - ab4b1589-b808-49a4-99e5-3b3c3e6044c6 Atl-Traceid: - - f23aad1fa8cb48ab9132472db66de853 + - ab4b1589b80849a499e53b3c3e6044c6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1226,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:46 GMT + - Sat, 24 May 2025 10:34:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1236,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=269,atl-edge-internal;dur=14,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="fb-sU3oHIvB8IC2HHhLHkbncSm0kgzXYxip4MHBmTaqtbiuQUzzkAw==",cdn-downstream-fbl;dur=306 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=299,atl-edge;dur=291,atl-edge-internal;dur=15,atl-edge-upstream;dur=276,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vyne8ng3Zzho0enGyABXsXXFMrEqceFvGVkiSeo_TBG7B5G0WQw5cg==",cdn-downstream-fbl;dur=304 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1246,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fb-sU3oHIvB8IC2HHhLHkbncSm0kgzXYxip4MHBmTaqtbiuQUzzkAw== + - vyne8ng3Zzho0enGyABXsXXFMrEqceFvGVkiSeo_TBG7B5G0WQw5cg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f651c21f2d6f16911fcd342d8d81ce3c + - 08f156add6d79e364ab3489dde173074 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1271,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/21] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/948] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/308] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/308]\n*Defect - Dojo link:* http://localhost:8080/finding/308 (308)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/343]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/343]\n*Defect + Dojo link:* http://localhost:8080/finding/343 (343)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1288,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1299,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1945' + - '2139' Content-Type: - application/json User-Agent: @@ -1308,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18253","key":"NTEST-1879","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18253"}' + string: '{"id":"19688","key":"NTEST-3016","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19688"}' headers: Atl-Request-Id: - - 0d94027a-ead9-4c4a-b69a-1b6aa251fcf1 + - 7acce045-b9e9-4f14-a582-91df34359f11 Atl-Traceid: - - 0d94027aead94c4ab69a1b6aa251fcf1 + - 7acce045b9e94f14a58291df34359f11 Cache-Control: - no-cache, no-store, no-transform Connection: 
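Review bot: The recorded issue description now contains the heading `Findings *not* matching the Active, and Severity criteria:` followed by a table header with no rows, so the JIRA issue shows an empty table whenever every finding in the group matches; the GET response in the `@@ -970,39 +975,40 @@` hunk shows the same. This presumably comes from the updated jira-finding-group-description.tpl, which is outside this hunk: that section should be rendered only when the non-matching list is non-empty. The phrase would also read better without the stray comma, `the Active and Severity criteria`.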
@@ -1321,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:46 GMT + - Sat, 24 May 2025 10:34:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1331,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=748,atl-edge;dur=716,atl-edge-internal;dur=14,atl-edge-upstream;dur=702,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="nWsH_t3p5vK8uCJ0jDHv35Wqmoqk9QIWUTT5bkOUj1v0j1qar1UD_w==",cdn-downstream-fbl;dur=754 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="e0sjXfXeJAbK4Vub74e75nkfzwVq9adePCEGTUyhL-OIHQT9OAGl3A==",cdn-downstream-fbl;dur=734,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=731,atl-edge;dur=703,atl-edge-internal;dur=14,atl-edge-upstream;dur=688,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1341,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nWsH_t3p5vK8uCJ0jDHv35Wqmoqk9QIWUTT5bkOUj1v0j1qar1UD_w== + - e0sjXfXeJAbK4Vub74e75nkfzwVq9adePCEGTUyhL-OIHQT9OAGl3A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - cb3a421346b1546cbf9b0466fb3d9560 + - 777c8bb7fad8f61040724bb75b924a53 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1375,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1879 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3016 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18253","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18253","key":"NTEST-1879","fields":{"statuscategorychangedate":"2025-04-30T18:27:46.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19688","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19688","key":"NTEST-3016","fields":{"statuscategorychangedate":"2025-05-24T12:34:43.478+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1879/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:46.534+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:46.617+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3016/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:43.148+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:43.236+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/21] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/948] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/308] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/308]\n*Defect - Dojo link:* http://localhost:8080/finding/308 (308)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/343]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/343]\n*Defect + Dojo link:* http://localhost:8080/finding/343 (343)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1402,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1879/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18253/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3016/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19688/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 779fba62-15d6-41fe-82b9-da335634ef14 + - 68439c2d-1fdb-4dfe-af52-71106fcb1ee9 Atl-Traceid: - - 779fba6215d641fe82b9da335634ef14 + - 68439c2d1fdb4dfeaf5271106fcb1ee9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1419,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:47 GMT + - Sat, 24 May 2025 10:34:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
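Review bot: The re-recorded response body in this hunk commits a real account's `emailAddress`, `accountId` and `displayName` in both the `creator` and `reporter` objects, and the same account id recurs in the `X-Aaccountid` header of the neighbouring header hunks. The request side appears to be scrubbed already (the echoed webhook headers further down show `Token xxx`), so the response bodies look like the remaining gap. Consider replacing these values at record time with fixed, obviously constructed placeholders such as `"emailAddress":"redacted@example.invalid"`, which also stops the cassette from churning whenever a different maintainer re-records it. The identical body in the `@@ -1500,14 +1512,14 @@` hunk needs the same treatment. The recorder configuration is not visible in this diff, and the recorded interaction continues outside the hunk, so the right place for the filter is for the author to confirm.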
@@ -1429,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="brSw7iU4H4Hw5YoPVHdakBRx5M3mdFDO6kXJoYJkSz-s8OWMcCh80Q==",cdn-downstream-fbl;dur=340,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=337,atl-edge;dur=264,atl-edge-internal;dur=14,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=254,atl-edge;dur=246,atl-edge-internal;dur=18,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qEAF6LYpiolHSDrC0mGfFK2tTRl5qEdNWV5lRbc56hzJkHMePJ-K-A==",cdn-downstream-fbl;dur=258 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1439,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2ac235acced332a2c079b041387a4918.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - brSw7iU4H4Hw5YoPVHdakBRx5M3mdFDO6kXJoYJkSz-s8OWMcCh80Q== + - qEAF6LYpiolHSDrC0mGfFK2tTRl5qEdNWV5lRbc56hzJkHMePJ-K-A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 2d5401527e5b1acc2e1d63283b634370 + - f879629e04dced42f5b2bf8e6705665e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1473,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18253 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19688 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18253","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18253","key":"NTEST-1879","fields":{"statuscategorychangedate":"2025-04-30T18:27:46.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19688","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19688","key":"NTEST-3016","fields":{"statuscategorychangedate":"2025-05-24T12:34:43.478+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1879/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:46.534+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t7z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:46.617+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3016/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:43.148+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:43.236+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/21] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/948] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/114]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/308] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/308]\n*Defect - Dojo link:* http://localhost:8080/finding/308 (308)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/121]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/343]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/343]\n*Defect + Dojo link:* http://localhost:8080/finding/343 (343)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1500,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1879/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18253/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3016/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19688/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 09e99309-817d-4e8b-a54c-26f2850cb9bd + - 0886651c-1e76-4da0-8307-ff10ee6be152 Atl-Traceid: - - 09e99309817d4e8ba54c26f2850cb9bd + - 0886651c1e764da08307ff10ee6be152 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1517,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:47 GMT + - Sat, 24 May 2025 10:34:44 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1527,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=313,atl-edge;dur=280,atl-edge-internal;dur=18,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="eKcNWI6yYLmAdlVQ3Nt12jhjTfiRdO-zb1_LH3quhhH2fu47NhQCPg==",cdn-downstream-fbl;dur=317 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=241,atl-edge;dur=234,atl-edge-internal;dur=15,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fffZPuCW3lN_X0r9ghyKYIbcjuYQvC8IgHo3tI37LsMe_5d2J_kYkg==",cdn-downstream-fbl;dur=245 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1537,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 71ab92edd02bc8ec941d842529d753d0.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - eKcNWI6yYLmAdlVQ3Nt12jhjTfiRdO-zb1_LH3quhhH2fu47NhQCPg== + - fffZPuCW3lN_X0r9ghyKYIbcjuYQvC8IgHo3tI37LsMe_5d2J_kYkg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 77334081b1060d632f7a1d5720a88bbd + - 520e235c8f961f40fa91da16d021a2ec X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1558,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/", + "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 114, "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/"}}' + 121, "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/"}}' headers: Accept: - application/json @@ -1580,7 +1592,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1594,22 +1606,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53206\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36644\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/114/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/121/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 114, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/114/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 121, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/121/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1619,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 114,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n - \ \"url_ui\": \"http://localhost:8080/test/114\"\n },\n \"title\": + 121,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n + \ \"url_ui\": \"http://localhost:8080/test/121\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n \"url_ui\": - \"http://localhost:8080/test/114\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n \"url_ui\": + \"http://localhost:8080/test/121\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1632,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:48 GMT + - Sat, 24 May 2025 10:34:44 GMT Transfer-Encoding: - chunked status: 
@@ -1641,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/", + null, "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 114, "url_ui": "http://localhost:8080/test/114", "url_api": "http://localhost:8080/api/v2/tests/114/"}, - "finding_count": 5, "findings": {"new": [{"id": 305, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/305", - "url_api": "http://localhost:8080/api/v2/findings/305/"}, {"id": 306, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/306", "url_api": "http://localhost:8080/api/v2/findings/306/"}, - {"id": 307, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/307", - "url_api": "http://localhost:8080/api/v2/findings/307/"}, {"id": 308, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/308", "url_api": "http://localhost:8080/api/v2/findings/308/"}, - {"id": 309, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/309", - "url_api": "http://localhost:8080/api/v2/findings/309/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 121, "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/"}, + "finding_count": 5, "findings": {"new": [{"id": 341, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/341", + "url_api": "http://localhost:8080/api/v2/findings/341/"}, {"id": 342, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/342", "url_api": + "http://localhost:8080/api/v2/findings/342/"}, {"id": 340, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/340", "url_api": "http://localhost:8080/api/v2/findings/340/"}, + {"id": 343, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/343", "url_api": + "http://localhost:8080/api/v2/findings/343/"}, {"id": 344, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/344", "url_api": + "http://localhost:8080/api/v2/findings/344/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1677,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1693,84 +1706,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53208\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36652\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/114/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/121/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 114, \\\"url_ui\\\": \\\"http://localhost:8080/test/114\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/114/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 305, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 121, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/121/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 341, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/305\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/305/\\\"}, {\\\"id\\\": 306, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/306\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/306/\\\"}, {\\\"id\\\": - 307, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/307\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/307/\\\"}, {\\\"id\\\": 308, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/308\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/308/\\\"}, {\\\"id\\\": 309, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/341\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/341/\\\"}, {\\\"id\\\": 342, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/309\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/309/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/342\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/342/\\\"}, + {\\\"id\\\": 340, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/340\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/340/\\\"}, + {\\\"id\\\": 343, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/343\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/343/\\\"}, + {\\\"id\\\": 344, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/344\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/344/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 305,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 341,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/341/\",\n \"url_ui\": \"http://localhost:8080/finding/341\"\n + \ },\n {\n \"id\": 342,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/342/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/342\"\n },\n + \ {\n \"id\": 340,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/305/\",\n \"url_ui\": \"http://localhost:8080/finding/305\"\n - \ },\n {\n \"id\": 306,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/306/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/306\"\n },\n - \ {\n \"id\": 307,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/307/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/307\"\n },\n - \ {\n \"id\": 308,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/308/\",\n \"url_ui\": \"http://localhost:8080/finding/308\"\n - \ },\n {\n \"id\": 309,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/309/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/309\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/340/\",\n \"url_ui\": \"http://localhost:8080/finding/340\"\n + \ },\n {\n \"id\": 343,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/343/\",\n \"url_ui\": + \"http://localhost:8080/finding/343\"\n },\n {\n \"id\": + 344,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/344/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/344\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 114,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n - \ \"url_ui\": \"http://localhost:8080/test/114\"\n },\n \"title\": + 121,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n + \ \"url_ui\": \"http://localhost:8080/test/121\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/114/\",\n - \ \"url_ui\": \"http://localhost:8080/test/114\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n + \ \"url_ui\": \"http://localhost:8080/test/121\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1780,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:48 GMT + - Sat, 24 May 2025 10:34:44 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira_minimum_critical.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira_minimum_critical.yaml new file mode 100644 index 00000000000..fd08cd442aa --- /dev/null +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira_minimum_critical.yaml 
@@ -0,0 +1,234 @@ +interactions: +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 122, "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '849' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36664\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": 
\"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/122/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 122, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/122/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 122,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n + \ \"url_ui\": \"http://localhost:8080/test/122\"\n },\n \"title\": + \"Test 
created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n \"url_ui\": + \"http://localhost:8080/test/122\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:34:44 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 122, "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/"}, + "finding_count": 5, "findings": {"new": [{"id": 346, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/346", + "url_api": "http://localhost:8080/api/v2/findings/346/"}, {"id": 347, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/347", "url_api": + 
"http://localhost:8080/api/v2/findings/347/"}, {"id": 345, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/345", "url_api": "http://localhost:8080/api/v2/findings/345/"}, + {"id": 348, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/348", "url_api": + "http://localhost:8080/api/v2/findings/348/"}, {"id": 349, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/349", "url_api": + "http://localhost:8080/api/v2/findings/349/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2378' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36668\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n 
\"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/122/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 122, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/122/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 346, \\\"title\\\": \\\"2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/346\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/346/\\\"}, {\\\"id\\\": 347, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= + 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/347\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/347/\\\"}, + {\\\"id\\\": 345, \\\"title\\\": \\\"Regular Expression Denial of 
Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/345\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/345/\\\"}, + {\\\"id\\\": 348, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/348\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/348/\\\"}, + {\\\"id\\\": 349, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/349\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/349/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 346,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/346/\",\n \"url_ui\": \"http://localhost:8080/finding/346\"\n + \ },\n {\n \"id\": 347,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/347/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/347\"\n },\n + \ {\n \"id\": 345,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/345/\",\n \"url_ui\": \"http://localhost:8080/finding/345\"\n + \ },\n {\n \"id\": 348,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/348/\",\n \"url_ui\": + \"http://localhost:8080/finding/348\"\n },\n {\n \"id\": + 349,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/349/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/349\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 122,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n + \ \"url_ui\": \"http://localhost:8080/test/122\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n + \ \"url_ui\": \"http://localhost:8080/test/122\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + 
Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:34:44 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +version: 1 diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira_minimum_high.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira_minimum_high.yaml new file mode 100644 index 00000000000..2a08c33ecfa --- /dev/null +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_push_to_jira_minimum_high.yaml 
@@ -0,0 +1,1354 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:45.026+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 9458701b-2ec3-4910-b253-eb7f32bd0087 + Atl-Traceid: + - 9458701b2ec34910b253eb7f32bd0087 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=111,atl-edge-internal;dur=14,atl-edge-upstream;dur=97,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rAlsOayNdoINxFmtvLzuiKJw4zwQ9cFrIoQlUs4Ez0yp5Pm54fBnvA==",cdn-downstream-fbl;dur=122 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - rAlsOayNdoINxFmtvLzuiKJw4zwQ9cFrIoQlUs4Ez0yp5Pm54fBnvA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 2b94855ce8d8fb964ed119a64b9b15de + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectd
ojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - c02d856b-685f-4a15-a150-427735531353 + Atl-Traceid: + - c02d856b685f4a15a150427735531353 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=294,atl-edge;dur=287,atl-edge-internal;dur=18,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hJkjft9BwstQvEKA40gpMZbYbT1d0JekLecHq2z5Bxlf1dTbRKQB_g==",cdn-downstream-fbl;dur=298 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - hJkjft9BwstQvEKA40gpMZbYbT1d0JekLecHq2z5Bxlf1dTbRKQB_g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3e051cec29608f23f75525bea6de3fed + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/952] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/123]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/351]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/350]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/351]\n*Defect + Dojo link:* http://localhost:8080/finding/351 (351)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/350]\n*Defect + Dojo link:* http://localhost:8080/finding/350 (350)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3511' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19689","key":"NTEST-3017","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19689"}' + headers: + Atl-Request-Id: + - 6ee1d9b2-9699-458c-8aee-86b8c3a536e9 + Atl-Traceid: + - 6ee1d9b29699458c8aee86b8c3a536e9 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=776,atl-edge;dur=768,atl-edge-internal;dur=15,atl-edge-upstream;dur=753,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="G1pBDUJJY_imDmZBjhgn7huXWFeZZTFtZlHgF3Ww1oRLDMfVsA5WRQ==",cdn-downstream-fbl;dur=780 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - G1pBDUJJY_imDmZBjhgn7huXWFeZZTFtZlHgF3Ww1oRLDMfVsA5WRQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - e2d25861c6cc42db835ccba91a6adf8c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3017 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19689","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19689","key":"NTEST-3017","fields":{"statuscategorychangedate":"2025-05-24T12:34:46.245+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3017/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:45.836+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:45.981+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/952] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/123]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/351]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/350]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/351]\n*Defect + Dojo link:* http://localhost:8080/finding/351 (351)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/350]\n*Defect + Dojo link:* http://localhost:8080/finding/350 (350)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3017/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19689/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 1be1fb13-3e3b-40c7-9085-ab0faa53573c + Atl-Traceid: + - 1be1fb133e3b40c79085ab0faa53573c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=243,atl-edge;dur=235,atl-edge-internal;dur=18,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="c8UtS2S5aprk_uC4dpoGjRvMb47uVtygtzO9-tODdPFKgGzaoJsgDA==",cdn-downstream-fbl;dur=247 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - c8UtS2S5aprk_uC4dpoGjRvMb47uVtygtzO9-tODdPFKgGzaoJsgDA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - e86d3e2a8f7a9ea6618e93b72f5e75e4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19689 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19689","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19689","key":"NTEST-3017","fields":{"statuscategorychangedate":"2025-05-24T12:34:46.245+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3017/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:45.836+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:45.981+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/952] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/123]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/351]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/350]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/351]\n*Defect + Dojo link:* http://localhost:8080/finding/351 (351)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/350]\n*Defect + Dojo link:* http://localhost:8080/finding/350 (350)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3017/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19689/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 92651340-9e0a-4b09-9d28-922965ee2d67 + Atl-Traceid: + - 926513409e0a4b099d28922965ee2d67 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=225,atl-edge;dur=217,atl-edge-internal;dur=17,atl-edge-upstream;dur=199,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pEod8leoxQdWo_U19TwQ5LNSQxPj8s25CmQtItl5aUHGRA-mLdOF3g==",cdn-downstream-fbl;dur=230 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - pEod8leoxQdWo_U19TwQ5LNSQxPj8s25CmQtItl5aUHGRA-mLdOF3g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - edca6368312e4d59418c374a68067293 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:47.160+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - bac1f9d7-35e1-4b94-bb10-abeb3840e551 + Atl-Traceid: + - bac1f9d735e14b94bb10abeb3840e551 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=108,atl-edge;dur=100,atl-edge-internal;dur=16,atl-edge-upstream;dur=85,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="--lbmaGG4Z3blfHS8TY3YkaGH0n9bBXl9CgUqL92cL9FhmVtXUg8mA==",cdn-downstream-fbl;dur=111 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - --lbmaGG4Z3blfHS8TY3YkaGH0n9bBXl9CgUqL92cL9FhmVtXUg8mA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - db7ac0a5f63f07158b89188ef7aca838 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 68a6c6ec-3d61-4e41-8359-b9e091aa8389 + Atl-Traceid: + - 68a6c6ec3d614e418359b9e091aa8389 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=268,atl-edge-internal;dur=15,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cHeQxR5zvPh-f-sKaTxpytwX74cB0yrWyk462qO9CJy56842TEREog==",cdn-downstream-fbl;dur=279 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - cHeQxR5zvPh-f-sKaTxpytwX74cB0yrWyk462qO9CJy56842TEREog== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 89f8c9d40c9b9d0252b8d39f65393608 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/953] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/123]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/352]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/354]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/352]\n*Defect Dojo link:* http://localhost:8080/finding/352 + (352)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. 
\n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/354]\n*Defect Dojo link:* http://localhost:8080/finding/354 + (354)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require(''pg'')\nconst client = new Client()\nclient.connect()\n\nconst + sql = `SELECT 1 AS \"\\\\''/*\", 2 AS \"\\\\''*/\\n + console.log(process.env)] + = null;\\n//\"`\n\nclient.query(sql, (err, res) => {\n client.end()\n})\n```\n + Vulnerable Module: pg\n Vulnerable Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 + || >= 4.5.7 < 5.0.0 || >= 5.2.1 < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < + 6.2.0 || >= 6.2.5 < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n + Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: 
Update to version 2.11.2 + or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* Version 4.x.x: + Update to version 4.5.7 or later.\n* Version 5.x.x: Update to version 5.2.1 + or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions + 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version + 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '6981' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19690","key":"NTEST-3018","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19690"}' + headers: + Atl-Request-Id: + - ccff5340-c2c0-47d6-9d95-02dc063e5a49 + Atl-Traceid: + - ccff5340c2c047d69d9502dc063e5a49 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:48 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=744,atl-edge;dur=736,atl-edge-internal;dur=16,atl-edge-upstream;dur=721,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="9KoMpIBu41igq_WcDw-yGUO8xffHronNiKO2fxHzxTNMc8peIqrMMA==",cdn-downstream-fbl;dur=748 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 9KoMpIBu41igq_WcDw-yGUO8xffHronNiKO2fxHzxTNMc8peIqrMMA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 04b40e67c40cee1541d6ae9fa798991a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3018 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19690","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19690","key":"NTEST-3018","fields":{"statuscategorychangedate":"2025-05-24T12:34:48.343+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3018/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:48.013+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:48.105+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/953] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/123]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/352]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/354]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/352]\n*Defect + Dojo link:* http://localhost:8080/finding/352 (352)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/354]\n*Defect + Dojo link:* http://localhost:8080/finding/354 (354)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3018/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19690/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
029ada4a-37ce-4ac3-bd79-25b0363ef4c1 + Atl-Traceid: + - 029ada4a37ce4ac3bd7925b0363ef4c1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:48 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=256,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wI7OwKuMKV9igpkXQEJ_tgEhET7guxVvn5-VCoa33_upWuI-_YjqjQ==",cdn-downstream-fbl;dur=261 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - wI7OwKuMKV9igpkXQEJ_tgEhET7guxVvn5-VCoa33_upWuI-_YjqjQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3d4d2b0fd0d35e5120feccc5e424a165 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19690 + response: + body: + string: 
'{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19690","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19690","key":"NTEST-3018","fields":{"statuscategorychangedate":"2025-05-24T12:34:48.343+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3018/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:48.013+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:48.105+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/953] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/123]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/352]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/354]|Active, + Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/352]\n*Defect + Dojo link:* http://localhost:8080/finding/352 (352)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. 
\n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. 
[2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/354]\n*Defect + Dojo link:* http://localhost:8080/finding/354 (354)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs + when the remote database or query specifies a crafted column name. \n\nThere + are two specific scenarios in which it is likely for an application to be + vulnerable:\n1. The application executes unsafe, user-supplied sql which contains + malicious column names.\n2. The application connects to an untrusted database + and executes a query returning results which contain a malicious column name.\n\n## + Proof of Concept\n```\nconst { Client } = require(''pg'')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS \"\\\\''/*\", 2 + AS \"\\\\''*/\\n + console.log(process.env)] = null;\\n//\"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < + 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 + < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched + Version: >= 2.11.2 < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 < 6.3.0 || >= + 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 < 7.1.0 || >= 7.1.2\n Vulnerable + Paths: \n - 5.1.0:pg-promise>pg\n CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* + Version 
2.x.x: Update to version 2.11.2 or later.\n* Version 3.x.x: Update + to version 3.6.4 or later.\n* Version 4.x.x: Update to version 4.5.7 or later.\n* + Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update + to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are + also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings + in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3018/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19690/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 
0d42458d-46ac-4180-8225-d52dd77daee5 + Atl-Traceid: + - 0d42458d46ac41808225d52dd77daee5 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:34:49 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=229,atl-edge;dur=221,atl-edge-internal;dur=15,atl-edge-upstream;dur=207,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="K0Vzd-8WXG89e7BSejign34MTeqRtdDRjWHDTQ6Hf04AbCEkoVgkuw==",cdn-downstream-fbl;dur=233 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - K0Vzd-8WXG89e7BSejign34MTeqRtdDRjWHDTQ6Hf04AbCEkoVgkuw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 9ef415781264b31c9c9d467efd2b9c5c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": 
"http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 123, "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '849' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36680\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/123/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
\\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 123, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/123/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 123,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n + \ \"url_ui\": \"http://localhost:8080/test/123\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n \"url_ui\": + \"http://localhost:8080/test/123\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:34:48 
GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 123, "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/"}, + "finding_count": 5, "findings": {"new": [{"id": 351, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/351", + "url_api": "http://localhost:8080/api/v2/findings/351/"}, {"id": 352, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/352", "url_api": + "http://localhost:8080/api/v2/findings/352/"}, {"id": 350, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/350", "url_api": "http://localhost:8080/api/v2/findings/350/"}, + {"id": 353, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": 
"http://localhost:8080/finding/353", "url_api": + "http://localhost:8080/api/v2/findings/353/"}, {"id": 354, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/354", "url_api": + "http://localhost:8080/api/v2/findings/354/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2378' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36694\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/123/\\\", \\\"product_type\\\": + {\\\"name\\\": 
\\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 123, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/123/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 351, \\\"title\\\": \\\"2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/351\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/351/\\\"}, {\\\"id\\\": 352, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= + 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 + || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/352\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/352/\\\"}, + {\\\"id\\\": 350, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/350\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/350/\\\"}, + {\\\"id\\\": 353, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + 
\\\"http://localhost:8080/finding/353\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/353/\\\"}, + {\\\"id\\\": 354, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/354\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/354/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 351,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/351/\",\n \"url_ui\": \"http://localhost:8080/finding/351\"\n + \ },\n {\n \"id\": 352,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/352/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/352\"\n },\n + \ {\n \"id\": 350,\n \"severity\": \"Medium\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/350/\",\n \"url_ui\": \"http://localhost:8080/finding/350\"\n + \ },\n {\n 
\"id\": 353,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/353/\",\n \"url_ui\": + \"http://localhost:8080/finding/353\"\n },\n {\n \"id\": + 354,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/354/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/354\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 123,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n + \ \"url_ui\": \"http://localhost:8080/test/123\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n + \ \"url_ui\": \"http://localhost:8080/test/123\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:34:48 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +version: 1 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml index 65c7312de6c..d54cf3e4716 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_twice_push_to_jira.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:48.500+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:49.649+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c7d04e52-6319-4450-9f68-aa4893cd88cc + - 1f337f3e-f4fa-4b42-af37-c43b8cb6837f Atl-Traceid: - - c7d04e52631944509f68aa4893cd88cc + - 1f337f3ef4fa4b42af37c43b8cb6837f Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:48 GMT + - Sat, 24 May 2025 10:34:49 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=161,atl-edge-internal;dur=15,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="QiTB1-k01kkBixAuH01YFdbTyd4AxnMBboU0PrVhpQoeSv3-B92-ZA==",cdn-downstream-fbl;dur=198 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=133,atl-edge;dur=125,atl-edge-internal;dur=15,atl-edge-upstream;dur=111,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="I3jJkbknlcjVZGzpZipEBq6JAibMT5oTgZ58BGQVoHO-UQHEpFOiTA==",cdn-downstream-fbl;dur=137 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7d27498ef63e76e5a81975299a76fae4.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QiTB1-k01kkBixAuH01YFdbTyd4AxnMBboU0PrVhpQoeSv3-B92-ZA== + - I3jJkbknlcjVZGzpZipEBq6JAibMT5oTgZ58BGQVoHO-UQHEpFOiTA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1b12e9a025979e8aa079ac000d2f1b31 + - 328db1e3ce7439ed421708fe8d1c6047 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 5721ed45-124b-41a4-8601-18dbed5d2209 + - ea53522c-d23d-4242-b5bc-78cac80f1305 Atl-Traceid: - - 5721ed45124b41a4860118dbed5d2209 + - ea53522cd23d4242b5bc78cac80f1305 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:48 GMT + - Sat, 24 May 2025 10:34:50 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=320,atl-edge;dur=288,atl-edge-internal;dur=15,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="QyF82sss6Bz72tXMqtgfUmew43qppi3kq2EIJIvErJD_IuneUjPB2w==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=276,atl-edge-internal;dur=15,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_tyDAkZO4q4uzOPSDyaTm3wKldfo9PCvIIlfjPdR764IbA33F8ujwA==",cdn-downstream-fbl;dur=287 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QyF82sss6Bz72tXMqtgfUmew43qppi3kq2EIJIvErJD_IuneUjPB2w== + - _tyDAkZO4q4uzOPSDyaTm3wKldfo9PCvIIlfjPdR764IbA33F8ujwA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 84118f91b1ae19e59c9ce46beda15953 + - 4228ff3b0d92185de9836319ec123852 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/22] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/955] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/311] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/310] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/356]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/355]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/311]\n*Defect Dojo link:* http://localhost:8080/finding/311 - (311)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/356]\n*Defect Dojo link:* http://localhost:8080/finding/356 + (356)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/310]\n*Defect - Dojo link:* http://localhost:8080/finding/310 (310)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/355]\n*Defect + Dojo link:* http://localhost:8080/finding/355 (355)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3334' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18255","key":"NTEST-1880","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18255"}' + string: '{"id":"19691","key":"NTEST-3019","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19691"}' headers: Atl-Request-Id: - - cf10f118-fda6-40d1-a485-e8d54f93022b + - e1ea84ef-ee96-4a73-a644-cea63815469d Atl-Traceid: - - cf10f118fda640d1a485e8d54f93022b + - e1ea84efee964a73a644cea63815469d Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:49 GMT + - Sat, 24 May 2025 10:34:50 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=681,atl-edge;dur=649,atl-edge-internal;dur=25,atl-edge-upstream;dur=624,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ePSbOk7WRZ-Wcin6Kvh06FcGDqo4Y5V0PIRVLB8SxSaXaxe1wwFfeA==",cdn-downstream-fbl;dur=685 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=713,atl-edge;dur=705,atl-edge-internal;dur=15,atl-edge-upstream;dur=690,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Og0aC9DTKPbiyhXd_cCMnGFZd9xW2gb77h4Pw9eHYWT9Ba5Tx7AgxQ==",cdn-downstream-fbl;dur=716 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ePSbOk7WRZ-Wcin6Kvh06FcGDqo4Y5V0PIRVLB8SxSaXaxe1wwFfeA== + - Og0aC9DTKPbiyhXd_cCMnGFZd9xW2gb77h4Pw9eHYWT9Ba5Tx7AgxQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 18bdfc6bd86d7a548824170057dcae71 + - 8418ccd8bff2676057356d648b34ce6c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1880 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3019 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18255","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18255","key":"NTEST-1880","fields":{"statuscategorychangedate":"2025-04-30T18:27:49.767+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19691","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19691","key":"NTEST-3019","fields":{"statuscategorychangedate":"2025-05-24T12:34:50.789+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1880/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:49.496+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t87:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:49.570+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3019/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:50.446+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:50.534+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/22] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/955] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/311] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/310] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/356]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/355]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/311]\n*Defect Dojo link:* http://localhost:8080/finding/311 - (311)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/356]\n*Defect Dojo link:* http://localhost:8080/finding/356 + (356)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/310]\n*Defect - Dojo link:* http://localhost:8080/finding/310 (310)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/355]\n*Defect + Dojo link:* http://localhost:8080/finding/355 (355)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1880/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18255/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3019/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19691/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5696b45b-466f-4a7c-9ee7-d1a0604df30a + - 9bd49f67-429e-42c3-9bc3-28e299942f15 Atl-Traceid: - - 5696b45b466f4a7c9ee7d1a0604df30a + - 9bd49f67429e42c39bc328e299942f15 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:50 GMT + - Sat, 24 May 2025 10:34:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
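Review bot: The `creator` and `reporter` objects on the new side of this hunk (`@@ -319,14 +321,14 @@`) commit a real Jira account's `emailAddress`, `displayName`, `accountId` and gravatar hash to the repository. The `X-Aaccountid` response header in the other hunks of this cassette repeats the same account id. The old side held the same kind of data for a different user, so each re-recording puts whoever ran the tests into version control. The recording setup is not visible in this diff; if it uses vcrpy, a `before_record_response` hook could rewrite these fields to fixed placeholders such as `"emailAddress":"jira-user@example.invalid"` and drop `X-Aaccountid` before the cassette is written. That would also shrink future re-record diffs to the lines that reflect real behaviour changes.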
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=392,atl-edge;dur=264,atl-edge-internal;dur=16,atl-edge-upstream;dur=248,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="UHr5BmLYRxNdRyq4q-JjccgLS_TUdk6kuzyLiDen4K9ZOURRnOIMsQ==",cdn-downstream-fbl;dur=395 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=211,atl-edge;dur=203,atl-edge-internal;dur=17,atl-edge-upstream;dur=187,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4ce8pg9mYngGSjRhWW1EQH1ZuCp3WYeaHDZTJWVrW0mcD2t-dhCypw==",cdn-downstream-fbl;dur=215 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - UHr5BmLYRxNdRyq4q-JjccgLS_TUdk6kuzyLiDen4K9ZOURRnOIMsQ== + - 4ce8pg9mYngGSjRhWW1EQH1ZuCp3WYeaHDZTJWVrW0mcD2t-dhCypw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - eedf1a9701d7f16409dcd4643920b56e + - 3634ec9a92c2a25cfa6247fb1b8953e4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
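Review bot: The re-recorded `X-Aaccountid` header in this hunk stores a real Atlassian account id, and the response-body hunk further down (`@@ -433,14 +436,14 @@`) stores the same account's `accountId`, `emailAddress` and gravatar hash under `creator` and `reporter`; the header recurs in the later header hunks as well. The tests presumably do not assert on these values, so they could be scrubbed at record time, for example with a vcrpy `before_record_response` hook that swaps them for fixed placeholders such as `"accountId":"<ACCOUNT_ID>"` and `"emailAddress":"user@example.invalid"`. Fixed placeholders would also stop the cassette from churning each time a different maintainer re-records it. The recording configuration is not visible in this diff, so confirm whether such a hook already exists before adding one.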
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18255 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19691 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18255","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18255","key":"NTEST-1880","fields":{"statuscategorychangedate":"2025-04-30T18:27:49.767+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19691","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19691","key":"NTEST-3019","fields":{"statuscategorychangedate":"2025-05-24T12:34:50.789+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1880/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:49.496+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t87:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:49.570+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3019/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:50.446+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010lz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:50.534+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/22] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/955] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/311] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/310] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/356]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/355]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/311]\n*Defect Dojo link:* http://localhost:8080/finding/311 - (311)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/356]\n*Defect Dojo link:* http://localhost:8080/finding/356 + (356)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/310]\n*Defect - Dojo link:* http://localhost:8080/finding/310 (310)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/355]\n*Defect + Dojo link:* http://localhost:8080/finding/355 (355)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1880/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18255/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3019/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19691/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 128803b3-b48e-45d4-94ae-97fa33f6e0f3 + - 6b682629-8e6b-4df5-ac74-a8735c075a9c Atl-Traceid: - - 128803b3b48e45d494ae97fa33f6e0f3 + - 6b6826298e6b4df5ac74a8735c075a9c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:50 GMT + - Sat, 24 May 2025 10:34:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="YMl7tw7NQ1ghrR3VYkiUgrbuKTqP45Cb7OXPV5NVUueDhzP6XF-EEQ==",cdn-downstream-fbl;dur=333,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=331,atl-edge;dur=259,atl-edge-internal;dur=15,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=223,atl-edge;dur=215,atl-edge-internal;dur=15,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="vMbsgOE5-q4Xc0Hn4-3RGGAaKbpPNdQzf6eKuHCxYp2D_fUBDIUBQA==",cdn-downstream-fbl;dur=227 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c6aa039b46ee567794869d726acc308a.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - YMl7tw7NQ1ghrR3VYkiUgrbuKTqP45Cb7OXPV5NVUueDhzP6XF-EEQ== + - vMbsgOE5-q4Xc0Hn4-3RGGAaKbpPNdQzf6eKuHCxYp2D_fUBDIUBQA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - fda53ae3ee5a59147b3e84eb86dc13e3 + - 0b7ff71f14e5d10349fc6fc840dbaa67 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:51.156+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:51.668+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b66990e8-2fb3-4553-94fd-f96b183a55d6 + - 7a94aa49-68ca-4920-aedf-ba582fb19906 Atl-Traceid: - - b66990e82fb3455394fdf96b183a55d6 + - 7a94aa4968ca4920aedfba582fb19906 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:51 GMT + - Sat, 24 May 2025 10:34:51 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=185,atl-edge;dur=152,atl-edge-internal;dur=15,atl-edge-upstream;dur=135,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JHL5J0lchE0JjBmmBiqYkD6wG_JT3iwnjIzEqLwOF8DD9RIry8F5rQ==",cdn-downstream-fbl;dur=189 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=108,atl-edge-internal;dur=15,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="JwkLyrrH3mEAqJSHB6rXUpB00VZ1kY7a5pNCbt9LuBbRTV_AhyjtWw==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e9bcf307d6ed54e3e501e39bc538dcfc.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JHL5J0lchE0JjBmmBiqYkD6wG_JT3iwnjIzEqLwOF8DD9RIry8F5rQ== + - JwkLyrrH3mEAqJSHB6rXUpB00VZ1kY7a5pNCbt9LuBbRTV_AhyjtWw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 97b6b5c6e05383bcf97909176c74e415 + - 1b40e6de929f66c262e729ce54b9f57b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 8ccba03d-4de0-4d7f-99da-910dde6aa9b8 + - 38a9ed48-80f5-4248-828e-a96797870188 Atl-Traceid: - - 8ccba03d4de04d7f99da910dde6aa9b8 + - 38a9ed4880f54248828ea96797870188 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:51 GMT + - Sat, 24 May 2025 10:34:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=365,atl-edge;dur=333,atl-edge-internal;dur=15,atl-edge-upstream;dur=318,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="W73afSOU-a05RlH80lOkSY963ICs-8vhSfrbbo81A3L11grFOrOKOw==",cdn-downstream-fbl;dur=369 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hwkdzdPVlTihjggv8UPAd-rtSJl-Le48bIPlZhw_9buSH_8xWXDdcg==",cdn-downstream-fbl;dur=277 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - W73afSOU-a05RlH80lOkSY963ICs-8vhSfrbbo81A3L11grFOrOKOw== + - hwkdzdPVlTihjggv8UPAd-rtSJl-Le48bIPlZhw_9buSH_8xWXDdcg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - abd6c3e275334c9b08eb5d6fd670fe32 + - 6e9422b3a12094a5ed2dad9c49a76ed6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,30 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/23] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/956] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/314] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/357]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/312] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/359]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/314]\n*Defect - Dojo link:* http://localhost:8080/finding/314 (314)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/357]\n*Defect + Dojo link:* http://localhost:8080/finding/357 (357)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -691,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/312]\n*Defect Dojo link:* http://localhost:8080/finding/312 - (312)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/359]\n*Defect Dojo link:* http://localhost:8080/finding/359 + (359)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -722,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -734,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6804' + - '6981' Content-Type: - application/json User-Agent: @@ -743,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18257","key":"NTEST-1881","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18257"}' + string: '{"id":"19692","key":"NTEST-3020","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19692"}' headers: Atl-Request-Id: - - c40cd50c-e8bf-4049-a1f0-a2dcdd2b954c + - f1b41c88-8345-4f49-96d8-2dfb6eb26ef7 Atl-Traceid: - - c40cd50ce8bf4049a1f0a2dcdd2b954c + - f1b41c8883454f4996d82dfb6eb26ef7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -756,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:52 GMT + - Sat, 24 May 2025 10:34:52 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -766,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="f4k3Fts5YIYx6L2xUtg4yCS91biyggJ3uQdZlrnsRuAMZ-hRAPbJjA==",cdn-downstream-fbl;dur=841,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=838,atl-edge;dur=753,atl-edge-internal;dur=16,atl-edge-upstream;dur=737,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZhhuqEC7QgK10ozwz03s7ddv12D0kAyz1Qi3xS85X12FiOI2Bu1BHw==",cdn-downstream-fbl;dur=725,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=722,atl-edge;dur=694,atl-edge-internal;dur=16,atl-edge-upstream;dur=678,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -776,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c6aa039b46ee567794869d726acc308a.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - f4k3Fts5YIYx6L2xUtg4yCS91biyggJ3uQdZlrnsRuAMZ-hRAPbJjA== + - ZhhuqEC7QgK10ozwz03s7ddv12D0kAyz1Qi3xS85X12FiOI2Bu1BHw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 7c0e37d4a851220a5fd32585d7c1ebb4 + - a5fd9520e9a4ed4b3f69531c95b4864c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
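Review bot: The re-recorded cassette stores the recording user's Atlassian identity, starting with the `X-Aaccountid` response header in this hunk. The issue GET response bodies further down (hunk `@@ -897,16 +902,16 @@` and the other recorded responses) add the `creator` and `reporter` objects with `accountId`, `emailAddress`, `displayName` and a gravatar hash. The replay assertions presumably do not depend on these values, so they could be scrubbed at record time, for example with a vcrpy `before_record_response` hook that rewrites those fields to fixed placeholders and drops `X-Aaccountid` along with the per-request trace headers. The removed lines carried the same kind of data for a different account, so this looks like a standing gap in the recording setup rather than something this commit introduces; the cassette configuration is not visible in this diff. Scrubbing would also cut the header churn each time the cassettes are re-recorded.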
@@ -810,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1881 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3020 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18257","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18257","key":"NTEST-1881","fields":{"statuscategorychangedate":"2025-04-30T18:27:52.607+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19692","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19692","key":"NTEST-3020","fields":{"statuscategorychangedate":"2025-05-24T12:34:52.827+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1881/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:52.249+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t8f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:52.345+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3020/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:52.485+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010m7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:52.570+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/23] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/956] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/314] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/357]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/312] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/314]\n*Defect - Dojo link:* http://localhost:8080/finding/314 (314)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/359]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/357]\n*Defect + Dojo link:* http://localhost:8080/finding/357 (357)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -865,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/312]\n*Defect Dojo link:* - http://localhost:8080/finding/312 (312)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/359]\n*Defect + Dojo link:* http://localhost:8080/finding/359 (359)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -897,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1881/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18257/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3020/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19692/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e23c394e-cf37-4901-8b90-e143f6916b1a + - e3047cd8-ed06-43fa-a88f-794417b72fd5 Atl-Traceid: - - e23c394ecf3749018b90e143f6916b1a + - e3047cd8ed0643faa88f794417b72fd5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -916,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:53 GMT + - Sat, 24 May 2025 10:34:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -926,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=298,atl-edge-internal;dur=14,atl-edge-upstream;dur=284,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="lCJwRywK7GTWXCYcgIfRUsCCOLH24sKgb_oLEeOXbCha-l0J4lD_ag==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=227,atl-edge;dur=219,atl-edge-internal;dur=17,atl-edge-upstream;dur=203,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HtSwNZwBlUX75PLiWCpyoE203HwnDRnIKcle6vHg8bekiFQbBKQb4A==",cdn-downstream-fbl;dur=231 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -936,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f497fa2422d5b3ba3b34ed87ffef89a6.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - lCJwRywK7GTWXCYcgIfRUsCCOLH24sKgb_oLEeOXbCha-l0J4lD_ag== + - HtSwNZwBlUX75PLiWCpyoE203HwnDRnIKcle6vHg8bekiFQbBKQb4A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - eb96016493159640dccbc030dabe3afe + - da5c93019660a75b30dda8f466001070 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -970,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18257 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19692 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18257","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18257","key":"NTEST-1881","fields":{"statuscategorychangedate":"2025-04-30T18:27:52.607+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19692","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19692","key":"NTEST-3020","fields":{"statuscategorychangedate":"2025-05-24T12:34:52.827+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1881/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:52.249+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t8f:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:52.345+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3020/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:52.485+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010m7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:52.570+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/23] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/956] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/314] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/357]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/312] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/314]\n*Defect - Dojo link:* http://localhost:8080/finding/314 (314)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/359]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/357]\n*Defect + Dojo link:* http://localhost:8080/finding/357 (357)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1025,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/312]\n*Defect Dojo link:* - http://localhost:8080/finding/312 (312)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/359]\n*Defect + Dojo link:* http://localhost:8080/finding/359 (359)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1057,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1881/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18257/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3020/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19692/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 63343298-392f-4b33-ba15-5fde44fa0c68 + - c16c5095-5513-4171-b44f-719a77ead65f Atl-Traceid: - - 63343298392f4b33ba155fde44fa0c68 + - c16c509555134171b44f719a77ead65f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1076,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:53 GMT + - Sat, 24 May 2025 10:34:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
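Review bot: The re-recorded response body in this hunk commits a real user's Atlassian `accountId`, `emailAddress` and Gravatar avatar URLs in the `creator` and `reporter` objects, and the header hunks that follow (`-1096,15`, `-1168,15`, `-1246,18`, `-1341,15`) repeat the same account id in `X-Aaccountid`. The removed lines carried the same fields for a different account, so this is existing practice rather than something this change introduces, but every re-record publishes another identity and makes the fixture churn on values the tests most likely do not assert on. The recording setup is not visible in this hunk; if the cassettes are produced with vcrpy, as the layout suggests, a `before_record_response` hook that rewrites these fields and the `X-Aaccountid` header to fixed placeholders would keep personal data out of the repository and shrink future cassette diffs. The hunk sits inside one recorded interaction whose request section lies outside it, so it is worth confirming separately that request-side credentials are already scrubbed, for example through `filter_headers`.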
@@ -1086,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="UJwvW2vnM4QRf06NgdfS9MOK7t0AKAud9kIdh5wiRbJdqiszZ6babQ==",cdn-downstream-fbl;dur=342,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=61,cdn-upstream-fbl;dur=339,atl-edge;dur=256,atl-edge-internal;dur=17,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=230,atl-edge-internal;dur=16,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6lJ7cJ1TwT0NXeO_BQjFZGwri7_4jVMubbnwlpoCdwUz6RnhcsmPkw==",cdn-downstream-fbl;dur=241 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1096,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48f2e5da4dd7651bfa3bfd0054610cf4.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - UJwvW2vnM4QRf06NgdfS9MOK7t0AKAud9kIdh5wiRbJdqiszZ6babQ== + - 6lJ7cJ1TwT0NXeO_BQjFZGwri7_4jVMubbnwlpoCdwUz6RnhcsmPkw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 091ceb3031880331df2ceef6961c8116 + - 1eeda297aa58f17aaf14d08d461ee553 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1133,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:54.055+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:53.715+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c22e7639-669f-44ff-b8a5-e0dcf94e5614 + - 5f278828-5860-407a-9de1-ea3a82d7dd97 Atl-Traceid: - - c22e7639669f44ffb8a5e0dcf94e5614 + - 5f2788285860407a9de1ea3a82d7dd97 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1148,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:54 GMT + - Sat, 24 May 2025 10:34:53 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1158,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=204,atl-edge;dur=170,atl-edge-internal;dur=22,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="vAJ1ReUb2K1oW5GfhZn4nFJTS3IIFbpG9Y6jN-OTnSOA9NSqH6h6Hg==",cdn-downstream-fbl;dur=208 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=16,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="5vogifje9LzruGibgWm5Twq1VhRcc85jDS6wFtsMicOTtBCx02Sx5g==",cdn-downstream-fbl;dur=115 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1168,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vAJ1ReUb2K1oW5GfhZn4nFJTS3IIFbpG9Y6jN-OTnSOA9NSqH6h6Hg== + - 5vogifje9LzruGibgWm5Twq1VhRcc85jDS6wFtsMicOTtBCx02Sx5g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 181bc8baafbfcc9a3be93f4cb7affa33 + - 68e1d9e13d11178c31a2730f8a50700f X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1214,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e1d7a7a8-cf87-4e39-8e8b-5bd373591b25 + - 64fab30e-803d-4da9-808d-27da4b647d23 Atl-Traceid: - - e1d7a7a8cf874e398e8b5bd373591b25 + - 64fab30e803d4da9808d27da4b647d23 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1226,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:54 GMT + - Sat, 24 May 2025 10:34:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1236,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=405,atl-edge;dur=318,atl-edge-internal;dur=15,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="82vE17HX36JPkxDCMgcT7oRO9Bd37fubmg45M02jDYAjvoby0AfJ0Q==",cdn-downstream-fbl;dur=409 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=231,atl-edge-internal;dur=16,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="agbQXj_h4cKPuSkQxX31S3baVwDXMsQnfQ0iC-5XP5WLeuCYN-XCVA==",cdn-downstream-fbl;dur=243 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1246,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a4888bfa57444daa340ca8dc53629170.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 82vE17HX36JPkxDCMgcT7oRO9Bd37fubmg45M02jDYAjvoby0AfJ0Q== + - agbQXj_h4cKPuSkQxX31S3baVwDXMsQnfQ0iC-5XP5WLeuCYN-XCVA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b68c97136a9750e63598dd87321caa4b + - 05a1415d06f05d1e0fe73f0291218317 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1271,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/24] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/957] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/313] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/313]\n*Defect - Dojo link:* http://localhost:8080/finding/313 (313)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/358]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/358]\n*Defect + Dojo link:* http://localhost:8080/finding/358 (358)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1288,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1299,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1945' + - '2139' Content-Type: - application/json User-Agent: @@ -1308,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18259","key":"NTEST-1882","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18259"}' + string: '{"id":"19693","key":"NTEST-3021","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19693"}' headers: Atl-Request-Id: - - 46975e66-32c1-4b4e-a93a-b5d650074f1f + - 6b1d680f-cb51-43bd-8e71-3b6ee4262e37 Atl-Traceid: - - 46975e6632c14b4ea93ab5d650074f1f + - 6b1d680fcb5143bd8e713b6ee4262e37 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1321,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:55 GMT + - Sat, 24 May 2025 10:34:54 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1331,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="ym0_v6KmfoeQmf05HDLzxqvM9jlyzCLLpJu4iGI-G9dozs9ZZwnDyw==",cdn-downstream-fbl;dur=777,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=773,atl-edge;dur=694,atl-edge-internal;dur=22,atl-edge-upstream;dur=671,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=635,atl-edge;dur=628,atl-edge-internal;dur=19,atl-edge-upstream;dur=609,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4F9uhdbT4fIietictrsiVUBSkBbpOdJL4RBNLuEZS5BwxmIuN8qBQA==",cdn-downstream-fbl;dur=639 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1341,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f266ac47d4aee3a84c8fc38a6ef92022.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ym0_v6KmfoeQmf05HDLzxqvM9jlyzCLLpJu4iGI-G9dozs9ZZwnDyw== + - 4F9uhdbT4fIietictrsiVUBSkBbpOdJL4RBNLuEZS5BwxmIuN8qBQA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - da67dc0efebd7ef302bc7810f1dde013 + - 7d0b8395a6f625c101cfb4e6908c2133 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1375,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1882 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3021 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18259","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18259","key":"NTEST-1882","fields":{"statuscategorychangedate":"2025-04-30T18:27:55.488+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19693","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19693","key":"NTEST-3021","fields":{"statuscategorychangedate":"2025-05-24T12:34:54.779+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1882/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:55.202+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t8n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:55.284+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3021/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:54.490+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010mf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:54.565+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/24] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/957] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/313] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/313]\n*Defect - Dojo link:* http://localhost:8080/finding/313 (313)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/358]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/358]\n*Defect + Dojo link:* http://localhost:8080/finding/358 (358)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1402,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1882/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18259/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3021/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19693/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 90d207f0-59ea-418f-9198-21cb0ac4c8b6 + - 17025ceb-418c-47f1-aa40-92aca9d49db1 Atl-Traceid: - - 90d207f059ea418f919821cb0ac4c8b6 + - 17025ceb418c47f1aa4092aca9d49db1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1419,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:56 GMT + - Sat, 24 May 2025 10:34:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
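Review bot: The re-recorded response body in this hunk stores the recording user's Jira `emailAddress`, `accountId`, `displayName` and gravatar hash under `creator` and `reporter`, so every re-record commits a maintainer's personal account identifiers to the repository. The same values recur in the `@@ -1500,14 +1512,14 @@` hunk, and the `X-Aaccountid` response header in the `@@ -1439,15 +1449,15 @@` and `@@ -1537,15 +1549,15 @@` hunks repeats the account id. The webhook echo further down already shows the `Auth` header masked as `Token xxx`, so the scrubbing is inconsistent rather than absent. I would replace these fields with fixed placeholders at record time, e.g. `"emailAddress":"user@example.com"` and a constant `accountId`. If the cassette is recorded with vcrpy, as the format suggests, a `before_record_response` hook is the usual place for this. Constant placeholders would also stop these lines from changing each time a different person re-records.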
@@ -1429,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="m-VJZhvF9gnIMNxU4o0u4hY6YI5uKFpGuh-OygIkWhotJRxjaECHxw==",cdn-downstream-fbl;dur=357,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=355,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=222,atl-edge;dur=215,atl-edge-internal;dur=16,atl-edge-upstream;dur=199,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HOBQlxx7vUHDMI8kqn_ycVX8aWwrldNyQ0qCBFw_ZyL3ms2iifQ-ZA==",cdn-downstream-fbl;dur=225 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1439,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8913ce09707cf3a865704b4fbd2875de.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - m-VJZhvF9gnIMNxU4o0u4hY6YI5uKFpGuh-OygIkWhotJRxjaECHxw== + - HOBQlxx7vUHDMI8kqn_ycVX8aWwrldNyQ0qCBFw_ZyL3ms2iifQ-ZA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 1f2150b7a46a46f9e116125fb9be80ab + - 03d6961c87c74009795f5ca7c9b42e96 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1473,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18259 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19693 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18259","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18259","key":"NTEST-1882","fields":{"statuscategorychangedate":"2025-04-30T18:27:55.488+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19693","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19693","key":"NTEST-3021","fields":{"statuscategorychangedate":"2025-05-24T12:34:54.779+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1882/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:55.202+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t8n:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:55.284+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3021/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:54.490+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010mf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:54.565+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/24] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/957] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/115]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/313] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/313]\n*Defect - Dojo link:* http://localhost:8080/finding/313 (313)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/124]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/358]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/358]\n*Defect + Dojo link:* http://localhost:8080/finding/358 (358)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1500,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1882/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18259/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3021/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19693/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a5e743d0-8d38-45c9-906d-6851ea7e0e3e + - 8cf9c96d-2bb0-44f3-8e88-d2d51ead9588 Atl-Traceid: - - a5e743d08d3845c9906d6851ea7e0e3e + - 8cf9c96d2bb044f38e88d2d51ead9588 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1517,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:56 GMT + - Sat, 24 May 2025 10:34:55 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1527,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=420,atl-edge;dur=387,atl-edge-internal;dur=15,atl-edge-upstream;dur=373,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="JuHBBzHspevxC2SFcr8b3PhSM69MpluXwyi1LNRrIRY46riwoukk5w==",cdn-downstream-fbl;dur=423 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=214,atl-edge;dur=207,atl-edge-internal;dur=15,atl-edge-upstream;dur=191,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4jUX7eM6t0rKVk80BFurqsIb71lNA8tlCQ3nkjL_1MAdw86vazh7iw==",cdn-downstream-fbl;dur=218 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1537,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JuHBBzHspevxC2SFcr8b3PhSM69MpluXwyi1LNRrIRY46riwoukk5w== + - 4jUX7eM6t0rKVk80BFurqsIb71lNA8tlCQ3nkjL_1MAdw86vazh7iw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 14ea9f4085172fa592e3d2eb03a544ec + - 698968b827d0745036c8595ac570ab69 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1558,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/", + "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 115, "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/"}}' + 124, "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/"}}' headers: Accept: - application/json @@ -1580,7 +1592,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1594,22 +1606,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53214\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57880\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/115/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/124/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 115, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/115/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 124, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/124/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1619,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 115,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n - \ \"url_ui\": \"http://localhost:8080/test/115\"\n },\n \"title\": + 124,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n + \ \"url_ui\": \"http://localhost:8080/test/124\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n \"url_ui\": - \"http://localhost:8080/test/115\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n \"url_ui\": + \"http://localhost:8080/test/124\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1632,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:56 GMT + - Sat, 24 May 2025 10:34:54 GMT Transfer-Encoding: - chunked status: 
@@ -1641,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/", + null, "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 115, "url_ui": "http://localhost:8080/test/115", "url_api": "http://localhost:8080/api/v2/tests/115/"}, - "finding_count": 5, "findings": {"new": [{"id": 310, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/310", - "url_api": "http://localhost:8080/api/v2/findings/310/"}, {"id": 311, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/311", "url_api": "http://localhost:8080/api/v2/findings/311/"}, - {"id": 312, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/312", - "url_api": "http://localhost:8080/api/v2/findings/312/"}, {"id": 313, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/313", "url_api": "http://localhost:8080/api/v2/findings/313/"}, - {"id": 314, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/314", - "url_api": "http://localhost:8080/api/v2/findings/314/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 124, "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/"}, + "finding_count": 5, "findings": {"new": [{"id": 356, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/356", + "url_api": "http://localhost:8080/api/v2/findings/356/"}, {"id": 357, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/357", "url_api": + "http://localhost:8080/api/v2/findings/357/"}, {"id": 355, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/355", "url_api": "http://localhost:8080/api/v2/findings/355/"}, + {"id": 358, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/358", "url_api": + "http://localhost:8080/api/v2/findings/358/"}, {"id": 359, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/359", "url_api": + "http://localhost:8080/api/v2/findings/359/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1677,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1693,84 +1706,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53218\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57892\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/115/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/124/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 115, \\\"url_ui\\\": \\\"http://localhost:8080/test/115\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/115/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 310, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 124, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/124/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 356, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/310\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/310/\\\"}, {\\\"id\\\": 311, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/311\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/311/\\\"}, {\\\"id\\\": - 312, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/312\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/312/\\\"}, {\\\"id\\\": 313, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/313\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/313/\\\"}, {\\\"id\\\": 314, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/356\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/356/\\\"}, {\\\"id\\\": 357, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/314\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/314/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/357\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/357/\\\"}, + {\\\"id\\\": 355, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/355\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/355/\\\"}, + {\\\"id\\\": 358, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/358\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/358/\\\"}, + {\\\"id\\\": 359, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/359\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/359/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 310,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 356,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/356/\",\n \"url_ui\": \"http://localhost:8080/finding/356\"\n + \ },\n {\n \"id\": 357,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/357/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/357\"\n },\n + \ {\n \"id\": 355,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/310/\",\n \"url_ui\": \"http://localhost:8080/finding/310\"\n - \ },\n {\n \"id\": 311,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/311/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/311\"\n },\n - \ {\n \"id\": 312,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/312/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/312\"\n },\n - \ {\n \"id\": 313,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/313/\",\n \"url_ui\": \"http://localhost:8080/finding/313\"\n - \ },\n {\n \"id\": 314,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/314/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/314\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/355/\",\n \"url_ui\": \"http://localhost:8080/finding/355\"\n + \ },\n {\n \"id\": 358,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/358/\",\n \"url_ui\": + \"http://localhost:8080/finding/358\"\n },\n {\n \"id\": + 359,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/359/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/359\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 115,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n - \ \"url_ui\": \"http://localhost:8080/test/115\"\n },\n \"title\": + 124,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n + \ \"url_ui\": \"http://localhost:8080/test/124\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/115/\",\n - \ \"url_ui\": \"http://localhost:8080/test/115\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n + \ \"url_ui\": \"http://localhost:8080/test/124\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1780,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:56 GMT + - Sat, 24 May 2025 10:34:54 GMT Transfer-Encoding: - chunked status: 
@@ -1789,14 +1802,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/", + "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 116, "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/"}}' + 125, "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/"}}' headers: Accept: - application/json @@ -1811,7 +1824,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1825,22 +1838,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53232\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57908\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/116/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/125/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 116, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/116/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 125, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/125/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1850,11 +1863,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 116,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n - \ \"url_ui\": \"http://localhost:8080/test/116\"\n },\n \"title\": + 125,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n + \ \"url_ui\": \"http://localhost:8080/test/125\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n \"url_ui\": - \"http://localhost:8080/test/116\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n \"url_ui\": + \"http://localhost:8080/test/125\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1863,7 +1876,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:56 GMT + - Sat, 24 May 2025 10:34:54 GMT Transfer-Encoding: - chunked status: 
@@ -1872,32 +1885,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/", + null, "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 116, "url_ui": "http://localhost:8080/test/116", "url_api": "http://localhost:8080/api/v2/tests/116/"}, - "finding_count": 5, "findings": {"new": [{"id": 315, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/315", - "url_api": "http://localhost:8080/api/v2/findings/315/"}, {"id": 316, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/316", "url_api": "http://localhost:8080/api/v2/findings/316/"}, - {"id": 317, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/317", - "url_api": "http://localhost:8080/api/v2/findings/317/"}, {"id": 318, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/318", "url_api": "http://localhost:8080/api/v2/findings/318/"}, - {"id": 319, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/319", - "url_api": "http://localhost:8080/api/v2/findings/319/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 125, "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/"}, + "finding_count": 5, "findings": {"new": [{"id": 361, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/361", + "url_api": "http://localhost:8080/api/v2/findings/361/"}, {"id": 362, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/362", "url_api": + "http://localhost:8080/api/v2/findings/362/"}, {"id": 360, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/360", "url_api": "http://localhost:8080/api/v2/findings/360/"}, + {"id": 363, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/363", "url_api": + "http://localhost:8080/api/v2/findings/363/"}, {"id": 364, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/364", "url_api": + "http://localhost:8080/api/v2/findings/364/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1908,11 +1922,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1924,84 +1938,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:53236\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:57912\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/116/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/125/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 116, \\\"url_ui\\\": \\\"http://localhost:8080/test/116\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/116/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 315, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 125, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/125/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 361, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/315\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/315/\\\"}, {\\\"id\\\": 316, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/316\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/316/\\\"}, {\\\"id\\\": - 317, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/317\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/317/\\\"}, {\\\"id\\\": 318, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/318\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/318/\\\"}, {\\\"id\\\": 319, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/361\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/361/\\\"}, {\\\"id\\\": 362, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/319\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/319/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/362\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/362/\\\"}, + {\\\"id\\\": 360, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/360\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/360/\\\"}, + {\\\"id\\\": 363, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/363\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/363/\\\"}, + {\\\"id\\\": 364, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/364\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/364/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 315,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 361,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/361/\",\n \"url_ui\": \"http://localhost:8080/finding/361\"\n + \ },\n {\n \"id\": 362,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/362/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/362\"\n },\n + \ {\n \"id\": 360,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/315/\",\n \"url_ui\": \"http://localhost:8080/finding/315\"\n - \ },\n {\n \"id\": 316,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/316/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/316\"\n },\n - \ {\n \"id\": 317,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/317/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/317\"\n },\n - \ {\n \"id\": 318,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/318/\",\n \"url_ui\": \"http://localhost:8080/finding/318\"\n - \ },\n {\n \"id\": 319,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/319/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/319\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/360/\",\n \"url_ui\": \"http://localhost:8080/finding/360\"\n + \ },\n {\n \"id\": 363,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/363/\",\n \"url_ui\": + \"http://localhost:8080/finding/363\"\n },\n {\n \"id\": + 364,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/364/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/364\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 116,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n - \ \"url_ui\": \"http://localhost:8080/test/116\"\n },\n \"title\": + 125,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n + \ \"url_ui\": \"http://localhost:8080/test/125\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/116/\",\n - \ \"url_ui\": \"http://localhost:8080/test/116\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n + \ \"url_ui\": \"http://localhost:8080/test/125\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -2011,7 +2025,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:27:56 GMT + - Sat, 24 May 2025 10:34:54 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml index b507c66d576..f0e56212f6a 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_groups_with_push_to_jira_is_false_but_push_all.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:27:57.546+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:56.346+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 57f26753-8e1d-42d9-823e-e1dff8c2ca91 + - e7c45f3a-a560-4994-90ff-ace7165785ca Atl-Traceid: - - 57f267538e1d42d9823ee1dff8c2ca91 + - e7c45f3aa560499490fface7165785ca Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:57 GMT + - Sat, 24 May 2025 10:34:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="T_-QHDjiRU1LVYT4Dhy1SmC_pqtxCljxfPmE3yHsKm04bc_rVPp8EA==",cdn-downstream-fbl;dur=324,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=70,cdn-upstream-fbl;dur=322,atl-edge;dur=228,atl-edge-internal;dur=13,atl-edge-upstream;dur=215,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=15,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="v5RGszF4F18KKHAlWk2n0fyE8ymh2B5k6LoFwffJbfQfRNbLhTTO_Q==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 51e6f466f192ce588105b138cebcc0d0.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - T_-QHDjiRU1LVYT4Dhy1SmC_pqtxCljxfPmE3yHsKm04bc_rVPp8EA== + - v5RGszF4F18KKHAlWk2n0fyE8ymh2B5k6LoFwffJbfQfRNbLhTTO_Q== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - a7ba8bd322bb7f6f569214edd869cc7b + - e40212df5d7a06edf207a1840a7b8357 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
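Review bot: The re-recorded cassette commits the recording user's Atlassian account id in the `X-Aaccountid` response header in this hunk, and the `@@ -319,14 +321,14 @@` hunk of the same file adds that user's `emailAddress`, `displayName` and Gravatar hash inside the `creator` and `reporter` objects of the issue body. Nothing in the visible hunks suggests replay depends on these values, so they could be scrubbed at record time; if these are vcrpy cassettes, as the format suggests, `filter_headers` covers the header and a `before_record_response` hook can replace the user objects with constructed placeholders. The request headers of these interactions are only partly visible here, so it is worth confirming separately that no `Authorization` value is stored in the recording.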
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - ffc22c39-4aed-46e5-ad5f-d2e76653a6f5 + - cdf05a18-94a9-46ac-8612-402354e14250 Atl-Traceid: - - ffc22c394aed46e5ad5fd2e76653a6f5 + - cdf05a1894a946ac8612402354e14250 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:58 GMT + - Sat, 24 May 2025 10:34:56 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="ZujxIZoXiHJon39CoOzffPWX19BVYWBOoemJ2C3B0XF4dd1M-wv3DA==",cdn-downstream-fbl;dur=367,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=364,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="lvcQ9bPKLJsjP4Bw18PFAdbSJlen9pPM9-MiP82o9NUltaPb6zi3Dg==",cdn-downstream-fbl;dur=296,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=294,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f266ac47d4aee3a84c8fc38a6ef92022.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZujxIZoXiHJon39CoOzffPWX19BVYWBOoemJ2C3B0XF4dd1M-wv3DA== + - lvcQ9bPKLJsjP4Bw18PFAdbSJlen9pPM9-MiP82o9NUltaPb6zi3Dg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - c6b908138d9f4b776c255c1e870d809b + - 981b243d8fc896cef3f6a115cb11690b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -156,19 +156,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/28] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/961] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/321] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/366]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/365]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/321]\n*Defect Dojo link:* http://localhost:8080/finding/321 - (321)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/366]\n*Defect Dojo link:* http://localhost:8080/finding/366 + (366)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -178,9 +179,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]\n*Defect - Dojo link:* http://localhost:8080/finding/320 (320)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/365]\n*Defect + Dojo link:* http://localhost:8080/finding/365 (365)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -200,7 +201,7 @@ interactions: Connection: - keep-alive Content-Length: - - '3334' + - '3511' Content-Type: - application/json User-Agent: @@ -209,12 +210,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18261","key":"NTEST-1883","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18261"}' + string: '{"id":"19694","key":"NTEST-3022","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19694"}' headers: Atl-Request-Id: - - c33005be-1c6e-490d-a5c3-b78b27d9d316 + - ac7acc07-8c20-4972-85de-c496b083d92c Atl-Traceid: - - c33005be1c6e490da5c3b78b27d9d316 + - ac7acc078c20497285dec496b083d92c Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -222,7 +223,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:59 GMT + - Sat, 24 May 2025 10:34:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -232,7 +233,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="YCv47yDPkedtKNFAeZDkzj4AXEhTbcYhutqMB0CkMJ2JRF8ZGwo6bg==",cdn-downstream-fbl;dur=721,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=719,atl-edge;dur=638,atl-edge-internal;dur=18,atl-edge-upstream;dur=620,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=724,atl-edge-internal;dur=16,atl-edge-upstream;dur=709,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ZWaSn9_WArsgw_H7BcMm4rhULKp3ugvMTHGOXW-cdmYdSAUBLaJybA==",cdn-downstream-fbl;dur=736 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -242,15 +243,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b1383a69c949c8987c982636bd26b4f2.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - YCv47yDPkedtKNFAeZDkzj4AXEhTbcYhutqMB0CkMJ2JRF8ZGwo6bg== + - ZWaSn9_WArsgw_H7BcMm4rhULKp3ugvMTHGOXW-cdmYdSAUBLaJybA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - ebc22e3c92f8ae4d26b9fc643e492537 + - e4c33a711f5947adea45bc25b31548f2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -276,28 +277,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1883 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3022 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18261","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18261","key":"NTEST-1883","fields":{"statuscategorychangedate":"2025-04-30T18:27:58.937+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19694","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19694","key":"NTEST-3022","fields":{"statuscategorychangedate":"2025-05-24T12:34:57.517+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1883/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:58.673+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t8v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:58.748+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3022/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:57.188+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010mn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:57.280+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/28] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/961] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/321] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/366]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/365]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/321]\n*Defect Dojo link:* http://localhost:8080/finding/321 - (321)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/366]\n*Defect Dojo link:* http://localhost:8080/finding/366 + (366)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -307,9 +309,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]\n*Defect - Dojo link:* http://localhost:8080/finding/320 (320)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/365]\n*Defect + Dojo link:* http://localhost:8080/finding/365 (365)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -319,14 +321,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1883/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18261/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3022/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19694/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - bff9ab65-4a52-4c85-a8dc-31123dbcbc5e + - 2ebe0580-b335-4955-9fb9-691f490d0200 Atl-Traceid: - - bff9ab654a524c85a8dc31123dbcbc5e + - 2ebe0580b33549559fb9691f490d0200 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -336,7 +338,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:27:59 GMT + - Sat, 24 May 2025 10:34:57 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -346,7 +348,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Syi7a3gUEBtqXR1plJzpqamzX6IZg4JYrvF1MUWMr9QL2p3lshFu7A==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=361,atl-edge;dur=273,atl-edge-internal;dur=17,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=239,atl-edge-internal;dur=16,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Y3ZsTAf5N84jHJEJl91oD4E5cnfk2vMuXhGjhGVg39RlbUnpr_xsvQ==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -356,15 +358,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Syi7a3gUEBtqXR1plJzpqamzX6IZg4JYrvF1MUWMr9QL2p3lshFu7A== + - Y3ZsTAf5N84jHJEJl91oD4E5cnfk2vMuXhGjhGVg39RlbUnpr_xsvQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 068874afa6a276f6d6dba59ef3b001e2 + - ded394eccbba8c7ff2827a01bf723d32 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -390,28 +392,29 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18261 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19694 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18261","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18261","key":"NTEST-1883","fields":{"statuscategorychangedate":"2025-04-30T18:27:58.937+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19694","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19694","key":"NTEST-3022","fields":{"statuscategorychangedate":"2025-05-24T12:34:57.517+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1883/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:27:58.673+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t8v:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:27:58.748+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3022/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:57.188+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010mn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:57.280+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/28] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/961] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] - | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 - | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/321] - | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] - | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 - | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. 
Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/366]|Active, + Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/365]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/321]\n*Defect Dojo link:* http://localhost:8080/finding/321 - (321)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/366]\n*Defect Dojo link:* http://localhost:8080/finding/366 + (366)\n*Severity:* High\n *Due Date:* June 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -421,9 +424,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/320]\n*Defect - Dojo link:* http://localhost:8080/finding/320 (320)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/365]\n*Defect + Dojo link:* http://localhost:8080/finding/365 (365)\n*Severity:* Medium\n + *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -433,14 +436,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1883/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18261/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
negotiator:0.5.3","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c
52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3022/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19694/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e0ad787a-2f77-47fe-9d9a-dbb3130db2cb + - 972a582f-8df6-4c85-9467-df7b04096738 Atl-Traceid: - - e0ad787a2f7747fe9d9adbb3130db2cb + - 972a582f8df64c859467df7b04096738 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -450,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:00 GMT + - Sat, 24 May 2025 10:34:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -460,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=334,atl-edge;dur=301,atl-edge-internal;dur=19,atl-edge-upstream;dur=282,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HMfsflQZXpyeDwZtXIqhwlcn4gwhlTeLHP0LIT1MaFd7rL_4h_ydJA==",cdn-downstream-fbl;dur=339 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=240,atl-edge-internal;dur=17,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="nlhPtPKmyRe0I2Hu4MEPLmYzaMM8NZihiZLZCi_TLlClEkCJV5tRrg==",cdn-downstream-fbl;dur=251 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -470,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HMfsflQZXpyeDwZtXIqhwlcn4gwhlTeLHP0LIT1MaFd7rL_4h_ydJA== + - nlhPtPKmyRe0I2Hu4MEPLmYzaMM8NZihiZLZCi_TLlClEkCJV5tRrg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ab183ae6d8a7902c481bf4401d671d94 + - 34ac9e2f1ae4ff959a20f3f0bc4a426b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -507,12 +510,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:00.513+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:34:58.433+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1b85d0f3-c819-496d-a3b9-b91990f17df7 + - edf67da5-ab5b-443a-8fff-c7889ae1038d Atl-Traceid: - - 1b85d0f3c819496da3b9b91990f17df7 + - edf67da5ab5b443a8fffc7889ae1038d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -522,7 +525,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:00 GMT + - Sat, 24 May 2025 10:34:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -532,7 +535,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=210,atl-edge;dur=178,atl-edge-internal;dur=15,atl-edge-upstream;dur=163,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="pt68z7AbRgil3uoUW5ryD8ZcYfiK9GIMeWbh9PAf43x4QrVt99PJ5g==",cdn-downstream-fbl;dur=215 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=108,atl-edge-internal;dur=14,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SL4vuH02Ylw3K5B6wvLf4qFMfuxGjEGIke7T2Fue-NCKrnOnI8SLdg==",cdn-downstream-fbl;dur=121 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -542,15 +545,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - pt68z7AbRgil3uoUW5ryD8ZcYfiK9GIMeWbh9PAf43x4QrVt99PJ5g== + - SL4vuH02Ylw3K5B6wvLf4qFMfuxGjEGIke7T2Fue-NCKrnOnI8SLdg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ef8d6296f7cbc6d1a275d4e87074425b + - ff2decf7e12ac358dab1e3b0480404dd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,9 +591,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 1033f50c-2f80-4745-a059-e9d3e66ce1f7 + - 68aae811-0467-4615-9618-5453875e9c8f Atl-Traceid: - - 1033f50c2f804745a059e9d3e66ce1f7 + - 68aae8110467461596185453875e9c8f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -600,7 +603,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:01 GMT + - Sat, 24 May 2025 10:34:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -610,7 +613,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="bEoRGc7X8-4WcNnjo73BXFj_cID4_DeNUk--dsy988mHEkWzGaizvA==",cdn-downstream-fbl;dur=409,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=406,atl-edge;dur=332,atl-edge-internal;dur=15,atl-edge-upstream;dur=316,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=293,atl-edge;dur=285,atl-edge-internal;dur=17,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CwbVz8AZk4SPPQmAGALS4fP0mDo7A86wvYJxdQtibn1_3xTp84elVg==",cdn-downstream-fbl;dur=297 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -620,18 +623,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c1388c9ad241eb02cd4ddbe69b1a2d34.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - bEoRGc7X8-4WcNnjo73BXFj_cID4_DeNUk--dsy988mHEkWzGaizvA== + - CwbVz8AZk4SPPQmAGALS4fP0mDo7A86wvYJxdQtibn1_3xTp84elVg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - facef41a72b34f4bca32b681a021829d + - c529fb97161616507a4ecee2abaa1a96 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -645,30 +648,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/29] in [Security + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/962] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/367]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 
6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/369]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]\n*Defect - Dojo link:* http://localhost:8080/finding/324 (324)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/367]\n*Defect + Dojo link:* http://localhost:8080/finding/367 (367)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. 
@@ -691,15 +695,15 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < - 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= - 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 - < 7.1.2)|http://localhost:8080/finding/322]\n*Defect Dojo link:* http://localhost:8080/finding/322 - (322)\n*Severity:* High\n *Due Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - + (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 + < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < + 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= + 7.1.0 < 7.1.2)|http://localhost:8080/finding/369]\n*Defect Dojo link:* http://localhost:8080/finding/369 + (369)\n*Severity:* Medium\n *Due Date:* Aug. 22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. 
\n\nThere are two specific scenarios in which it is likely for an application to be vulnerable:\n1. @@ -722,7 +726,7 @@ interactions: or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo - impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' headers: Accept: @@ -734,7 +738,7 @@ interactions: Connection: - keep-alive Content-Length: - - '6804' + - '6981' Content-Type: - application/json User-Agent: @@ -743,12 +747,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18263","key":"NTEST-1884","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18263"}' + string: '{"id":"19695","key":"NTEST-3023","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19695"}' headers: Atl-Request-Id: - - 0e26c875-2ca2-48f2-84a3-774b837dde4c + - 418763af-48fe-4aba-90ea-18deb6a42904 Atl-Traceid: - - 0e26c8752ca248f284a3774b837dde4c + - 418763af48fe4aba90ea18deb6a42904 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -756,7 +760,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:02 GMT + - Sat, 24 May 2025 10:34:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -766,7 +770,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="QQ81hdEL1X3aAOh9ugwaXSOHwu0zn35eVkvQahr9XQ8FXzvvMzI01Q==",cdn-downstream-fbl;dur=1415,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=1411,atl-edge;dur=1325,atl-edge-internal;dur=15,atl-edge-upstream;dur=1310,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=789,atl-edge;dur=781,atl-edge-internal;dur=27,atl-edge-upstream;dur=754,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="H8jMH1X_FNHuo1sNdcOEXS3lYRIM9WyIopdZHlW1v7LoJidZpnNHJw==",cdn-downstream-fbl;dur=792 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -776,15 +780,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0d9c2d5ae2c28ab89ceaef885af258e6.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QQ81hdEL1X3aAOh9ugwaXSOHwu0zn35eVkvQahr9XQ8FXzvvMzI01Q== + - H8jMH1X_FNHuo1sNdcOEXS3lYRIM9WyIopdZHlW1v7LoJidZpnNHJw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 1b746d2f5532533ec5702fc8ba0a6563 + - 8a6d643b7d23ada4a936f4eea0d912d7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -810,39 +814,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1884 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3023 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18263","key":"NTEST-1884","fields":{"statuscategorychangedate":"2025-04-30T18:28:02.566+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19695","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19695","key":"NTEST-3023","fields":{"statuscategorychangedate":"2025-05-24T12:34:59.662+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1884/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:01.611+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t93:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:02.390+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3023/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:59.308+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010mv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:59.411+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/29] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/962] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/367]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]\n*Defect - Dojo link:* http://localhost:8080/finding/324 (324)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/369]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/367]\n*Defect + Dojo link:* http://localhost:8080/finding/367 (367)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -865,16 +870,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]\n*Defect Dojo link:* - http://localhost:8080/finding/322 (322)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/369]\n*Defect + Dojo link:* http://localhost:8080/finding/369 (369)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -897,16 +902,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1884/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3023/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19695/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d7b0b2a1-06a3-489f-91a7-954e55f6340b + - 35b2f6bd-e1d8-45f5-9d9a-27917d0bafd6 Atl-Traceid: - - d7b0b2a106a3489f91a7954e55f6340b + - 35b2f6bde1d845f59d9a27917d0bafd6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -916,7 +921,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:03 GMT + - Sat, 24 May 2025 10:35:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -926,7 +931,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="H6Gq_Pnwa7KNf7e4BaLwUbXgv6mJsF40lxX5S03W8ltMdCR04VyNJA==",cdn-downstream-fbl;dur=287 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=244,atl-edge;dur=237,atl-edge-internal;dur=15,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cwtoUoZzzuaOIRgqs4sTQU0l5gpa2An4F53CQXWDqu6ImwNfYVKwcg==",cdn-downstream-fbl;dur=249 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -936,15 +941,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - H6Gq_Pnwa7KNf7e4BaLwUbXgv6mJsF40lxX5S03W8ltMdCR04VyNJA== + - cwtoUoZzzuaOIRgqs4sTQU0l5gpa2An4F53CQXWDqu6ImwNfYVKwcg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 85d2ae8cd1ac59e7fe8de0c2150809b0 + - 22a972b954ec3b6fa51af4947358a1c8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -970,39 +975,40 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18263 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19695 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18263","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18263","key":"NTEST-1884","fields":{"statuscategorychangedate":"2025-04-30T18:28:02.566+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19695","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19695","key":"NTEST-3023","fields":{"statuscategorychangedate":"2025-05-24T12:34:59.662+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1884/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:01.611+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t93:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:02.390+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3023/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:34:59.308+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010mv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:34:59.411+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/29] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/962] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. Summary\n*Severity:* + High *Due Date:* June 23, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324] | Active, - Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] - | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/367]|Active, + Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/322] | Active, - Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 - < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < - 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= - 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/324]\n*Defect - Dojo link:* http://localhost:8080/finding/324 (324)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/369]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/367]\n*Defect + Dojo link:* http://localhost:8080/finding/367 (367)\n*Severity:* High\n *Due + Date:* June 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1025,16 +1031,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, - < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 - < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < - 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/322]\n*Defect Dojo link:* - http://localhost:8080/finding/322 (322)\n*Severity:* High\n *Due Date:* May - 30, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] - \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source - File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution + - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= + 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 + < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/369]\n*Defect + Dojo link:* http://localhost:8080/finding/369 (369)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. \n\nThere are two specific scenarios in which it is likely for an application to be 
@@ -1057,16 +1063,16 @@ interactions: Version 5.x.x: Update to version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note - that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1884/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18263/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
pg:5.1.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e
327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3023/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19695/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - edc9b52a-f253-40cf-a742-0092b4f5bc00 + - 19b469bb-7dd0-43fa-ab17-55ab612d714e Atl-Traceid: - - edc9b52af25340cfa7420092b4f5bc00 + - 19b469bb7dd043faab1755ab612d714e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1076,7 +1082,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:03 GMT + - Sat, 24 May 2025 10:35:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
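Review bot: The re-recorded response body on the new side stores a real account's `"emailAddress":"valentijn@defectdojo.com"` and its `accountId` in both the `creator` and `reporter` objects, and the same id appears in the `X-Aaccountid` response header; the hunk at -1402 and the header hunks repeat it. The previous recording carried a different person's address in the same fields, so each re-record commits the identity of whoever ran it unless the values are scrubbed at record time. If this cassette is written by vcrpy (the layout suggests so), a `before_record_response` hook could replace these fields with fixed placeholders such as `"emailAddress":"jira-user@example.invalid"` before the file is written, which would also keep future re-record diffs smaller. The recorded interaction this hunk belongs to continues outside the hunk.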
@@ -1086,7 +1092,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=256,atl-edge-internal;dur=14,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="jvRnhWcON13IvUFVWTMvhTCX2v0sCDQsaYjR7e9gyFCghkGRyQbGxA==",cdn-downstream-fbl;dur=294 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=247,atl-edge-internal;dur=17,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2e59JcTCfg2RgPNoVEeE8O5Z3l4wdyqcyPCnQO_PIqjBDoiFyQvfFA==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1096,15 +1102,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jvRnhWcON13IvUFVWTMvhTCX2v0sCDQsaYjR7e9gyFCghkGRyQbGxA== + - 2e59JcTCfg2RgPNoVEeE8O5Z3l4wdyqcyPCnQO_PIqjBDoiFyQvfFA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9e938f43e7f87b94b07f64eae44040a7 + - c0b7ca0a0913c47b751f3627542481f7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1133,12 +1139,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:03.685+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:00.680+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 494e0b76-8774-41bd-89e5-289415ed2a56 + - eade85c6-76bb-4c9e-be1f-f0318ae1379c Atl-Traceid: - - 494e0b76877441bd89e5289415ed2a56 + - eade85c676bb4c9ebe1ff0318ae1379c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1148,7 +1154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:03 GMT + - Sat, 24 May 2025 10:35:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1158,7 +1164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=196,atl-edge;dur=163,atl-edge-internal;dur=14,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="fakDGwARJqZEy54i7B1hanICwTc9BgmJKMScei_JRKacoTDFfq8nig==",cdn-downstream-fbl;dur=200 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="VuwB_cmS3EM05zCAMPNF1-ZaPsb5hKX1c1k1pmfh14ieNxUHFy-MSw==",cdn-downstream-fbl;dur=136,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=134,atl-edge;dur=107,atl-edge-internal;dur=14,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1168,15 +1174,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - fakDGwARJqZEy54i7B1hanICwTc9BgmJKMScei_JRKacoTDFfq8nig== + - VuwB_cmS3EM05zCAMPNF1-ZaPsb5hKX1c1k1pmfh14ieNxUHFy-MSw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 55949cf8f90ec1c1e08c7beead6557b8 + - c5b1c4d8e1c7c885e1b86967f88de8be X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1214,9 +1220,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - ebc8bfcc-cec0-4bad-8130-91b91d43beea + - 0db1cd71-0f6b-4a44-a5ae-614ff5646062 Atl-Traceid: - - ebc8bfcccec04bad813091b91d43beea + - 0db1cd710f6b4a44a5ae614ff5646062 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1226,7 +1232,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:04 GMT + - Sat, 24 May 2025 10:35:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1236,7 +1242,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=279,atl-edge-internal;dur=17,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="IfbrCog3aawWYGj4o9JE0eBkaddY6QzgacHkMxMPykL1dH67Pi7Y5Q==",cdn-downstream-fbl;dur=316 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="eiydk9NgYxXjPodK3HSY_QYh_qC-LGHkAJydwNMMu7ZXZ3QbF-ZDeQ==",cdn-downstream-fbl;dur=319,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=316,atl-edge;dur=285,atl-edge-internal;dur=17,atl-edge-upstream;dur=269,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1246,18 +1252,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2918cacbb3dda2d143059f9b5f341e32.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IfbrCog3aawWYGj4o9JE0eBkaddY6QzgacHkMxMPykL1dH67Pi7Y5Q== + - eiydk9NgYxXjPodK3HSY_QYh_qC-LGHkAJydwNMMu7ZXZ3QbF-ZDeQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 53622d815eadde30a981eed76147c1cd + - 9b03041d1c4e51340779167f4198d735 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1271,16 +1277,18 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/30] in [Security + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/963] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE || - CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular - Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]\n*Defect - Dojo link:* http://localhost:8080/finding/323 (323)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/368]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/368]\n*Defect + Dojo link:* http://localhost:8080/finding/368 (368)\n*Severity:* Medium\n *Due + Date:* Aug. 22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service when @@ -1288,7 +1296,7 @@ interactions: Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* - [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' headers: Accept: - application/json,*/*;q=0.9 @@ -1299,7 +1307,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1945' + - '2139' Content-Type: - application/json User-Agent: @@ -1308,12 +1316,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18265","key":"NTEST-1885","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18265"}' + string: '{"id":"19696","key":"NTEST-3024","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19696"}' headers: Atl-Request-Id: - - 2483fd2f-d1d8-491d-a681-f57ecf5434b9 + - f3f30a91-0591-49ed-b952-eed6e24afa54 Atl-Traceid: - - 2483fd2fd1d8491da681f57ecf5434b9 + - f3f30a91059149edb952eed6e24afa54 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1321,7 +1329,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:05 GMT + - Sat, 24 May 2025 10:35:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1331,7 +1339,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="RhbOPvd9jJIjPUj7htreWouE07nJpCVc-IQZv2Zf3X2TE1NGmYf9TA==",cdn-downstream-fbl;dur=806,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=803,atl-edge;dur=714,atl-edge-internal;dur=15,atl-edge-upstream;dur=699,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=704,atl-edge;dur=696,atl-edge-internal;dur=16,atl-edge-upstream;dur=680,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dznkzRbDVFGfmqlPQEJou1Gsrj5tzzbMsNKRIlszoPh8mbjTjfsxGQ==",cdn-downstream-fbl;dur=707 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1341,15 +1349,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a4888bfa57444daa340ca8dc53629170.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - RhbOPvd9jJIjPUj7htreWouE07nJpCVc-IQZv2Zf3X2TE1NGmYf9TA== + - dznkzRbDVFGfmqlPQEJou1Gsrj5tzzbMsNKRIlszoPh8mbjTjfsxGQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 798ab030b4cac8b810a47260d73b414b + - 13e5196b648c82f17d8cb7a811fbdc23 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1375,25 +1383,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1885 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3024 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18265","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18265","key":"NTEST-1885","fields":{"statuscategorychangedate":"2025-04-30T18:28:05.050+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19696","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19696","key":"NTEST-3024","fields":{"statuscategorychangedate":"2025-05-24T12:35:01.846+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1885/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:04.742+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:04.830+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3024/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:01.540+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010n3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:01.622+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/30] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/963] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]\n*Defect - Dojo link:* http://localhost:8080/finding/323 (323)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/368]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/368]\n*Defect + Dojo link:* http://localhost:8080/finding/368 (368)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1402,14 +1412,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1885/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18265/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3024/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19696/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 38379104-744e-4768-80de-8cbd4e93ea43 + - 305fd5e3-b8f5-4da7-b999-8da9044630b5 Atl-Traceid: - - 38379104744e476880de8cbd4e93ea43 + - 305fd5e3b8f54da7b9998da9044630b5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1419,7 +1429,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:05 GMT + - Sat, 24 May 2025 10:35:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1429,7 +1439,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=277,atl-edge-internal;dur=19,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ZG8nZSiPDgHRKpcCKr9Q3X4g7RRuiJygTkOQBsYM5hFlKN34euAJqA==",cdn-downstream-fbl;dur=314 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DWzecnNg1Ovd1fDeIm6qC_YR7uGj9jpjBDrBx5HfJ2chZ8PdXFeViw==",cdn-downstream-fbl;dur=278,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=275,atl-edge;dur=246,atl-edge-internal;dur=17,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1439,15 +1449,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZG8nZSiPDgHRKpcCKr9Q3X4g7RRuiJygTkOQBsYM5hFlKN34euAJqA== + - DWzecnNg1Ovd1fDeIm6qC_YR7uGj9jpjBDrBx5HfJ2chZ8PdXFeViw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 42e9cd0dca7d6312d1e64c73b6d3df46 + - a138608bac5ff6f2fe80e1312917afea X-Cache: - Miss from cloudfront X-Content-Type-Options: 
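Review bot: The re-recorded response headers in this hunk commit the recording user's Atlassian account id in `X-Aaccountid`, and the response body in the later `@@ -1500,14 +1512,14 @@` hunk carries the same id together with `emailAddress` and `displayName` for `creator` and `reporter`. The webhook interactions further down already show the credential masked as `Token xxx`, so some scrubbing seems to be in place; it just does not cover these fields. If the cassettes are recorded with vcrpy (the layout suggests so, but the recorder config is not visible here), a `before_record_response` hook could replace `X-Aaccountid`, `accountId` and `emailAddress` with fixed placeholders before the file is written. That would also keep future re-recordings from churning these lines whenever a different maintainer records them, as happened between the old and new side here.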
@@ -1473,25 +1483,27 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18265 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19696 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18265","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18265","key":"NTEST-1885","fields":{"statuscategorychangedate":"2025-04-30T18:28:05.050+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19696","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19696","key":"NTEST-3024","fields":{"statuscategorychangedate":"2025-05-24T12:35:01.846+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1885/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:04.742+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9b:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:04.830+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3024/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:01.540+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010n3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:01.622+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/30] + Group\n*Group*: [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/963] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/117]\n\n\n|| Severity || CVE - || CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] - | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | - [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323] - | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* May 30, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/323]\n*Defect - Dojo link:* http://localhost:8080/finding/323 (323)\n*Severity:* High\n *Due - Date:* May 30, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + / [NPM Audit Scan|http://localhost:8080/test/126]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Aug. 22, 2025 \n\nFindings matching the Active, and Severity + criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status + ||\n|Medium|[CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]|[400|https://cwe.mitre.org/data/definitions/400.html]|fresh|0.3.0|[Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/368]|Active, + Verified|\n\nFindings *not* matching the Active, and Severity criteria:\n|| + Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/368]\n*Defect + Dojo link:* http://localhost:8080/finding/368 (368)\n*Severity:* Medium\n + *Due Date:* Aug. 
22, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected versions of `fresh` are vulnerable to regular expression denial of service 
@@ -1500,14 +1512,14 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Findings - in: fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1885/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18265/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + in: 
fresh:0.3.0","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e
34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3024/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19696/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 554c16df-c1b0-415e-9737-7f26c156cc8d + - f28dcc34-f4c7-4889-9ff9-9af7ad4ef267 Atl-Traceid: - - 554c16dfc1b0415e97377f26c156cc8d + - f28dcc34f4c748899ff99af7ad4ef267 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1517,7 +1529,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:05 GMT + - Sat, 24 May 2025 10:35:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1527,7 +1539,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=307,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="XnI7iuLlZguK5YsGwpTxv75XMbZC8lBtDas6vtFPjxp2fHYQpVEiiQ==",cdn-downstream-fbl;dur=312 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=246,atl-edge;dur=238,atl-edge-internal;dur=19,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="_9Suy1Zj5RvsyQ058c3exVA_-9PWHN0z-qcwg_-vYMtCASELcW-qlg==",cdn-downstream-fbl;dur=250 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1537,15 +1549,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - XnI7iuLlZguK5YsGwpTxv75XMbZC8lBtDas6vtFPjxp2fHYQpVEiiQ== + - _9Suy1Zj5RvsyQ058c3exVA_-9PWHN0z-qcwg_-vYMtCASELcW-qlg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8eb67de3c24549233261895a97010117 + - 5c8ed38ea9cf1d69a9d3476c88b32359 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1558,14 +1570,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/", + "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 117, "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/"}}' + 126, "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/"}}' headers: Accept: - application/json @@ -1580,7 +1592,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -1594,22 +1606,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"849\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:38538\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:54306\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/117/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/126/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 117, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/117/\\\"}}\",\n \"files\": + \\\"test\\\": 
{\\\"title\\\": null, \\\"id\\\": 126, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/126/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -1619,11 +1631,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 117,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n - \ \"url_ui\": \"http://localhost:8080/test/117\"\n },\n \"title\": + 126,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n + \ \"url_ui\": \"http://localhost:8080/test/126\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n \"url_ui\": - \"http://localhost:8080/test/117\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n \"url_ui\": + \"http://localhost:8080/test/126\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -1632,7 +1644,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:06 GMT + - Sat, 24 May 2025 10:35:00 GMT Transfer-Encoding: - chunked status: 
@@ -1641,32 +1653,33 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/", + null, "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 117, "url_ui": "http://localhost:8080/test/117", "url_api": "http://localhost:8080/api/v2/tests/117/"}, - "finding_count": 5, "findings": {"new": [{"id": 320, "title": "Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/320", - "url_api": "http://localhost:8080/api/v2/findings/320/"}, {"id": 321, "title": - "2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": - "High", "url_ui": "http://localhost:8080/finding/321", "url_api": "http://localhost:8080/api/v2/findings/321/"}, - {"id": 322, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 - || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 - || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 - || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/322", - "url_api": "http://localhost:8080/api/v2/findings/322/"}, {"id": 323, "title": - "Regular Expression Denial of Service - (Fresh, < 0.5.2)", "severity": 
"High", - "url_ui": "http://localhost:8080/finding/323", "url_api": "http://localhost:8080/api/v2/findings/323/"}, - {"id": 324, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 - < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 - < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": "High", "url_ui": "http://localhost:8080/finding/324", - "url_api": "http://localhost:8080/api/v2/findings/324/"}], "reactivated": [], - "mitigated": [], "untouched": []}}' + 126, "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/"}, + "finding_count": 5, "findings": {"new": [{"id": 366, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/366", + "url_api": "http://localhost:8080/api/v2/findings/366/"}, {"id": 367, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 + || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/367", "url_api": + "http://localhost:8080/api/v2/findings/367/"}, {"id": 365, "title": "Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", + "url_ui": "http://localhost:8080/finding/365", "url_api": "http://localhost:8080/api/v2/findings/365/"}, + {"id": 368, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/368", "url_api": + "http://localhost:8080/api/v2/findings/368/"}, {"id": 369, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= + 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || + >= 6.3.0 < 6.3.3 || >= 6.4.0 < 
6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/369", "url_api": + "http://localhost:8080/api/v2/findings/369/"}], "reactivated": [], "mitigated": + [], "untouched": []}}' headers: Accept: - application/json @@ -1677,11 +1690,11 @@ interactions: Connection: - keep-alive Content-Length: - - '2372' + - '2378' Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -1693,84 +1706,84 @@ interactions: string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n - \ ],\n \"Content-Length\": [\n \"2372\"\n ],\n \"Content-Type\": + \ ],\n \"Content-Length\": [\n \"2378\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:38546\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:54314\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/117/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/126/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": 
\\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 117, \\\"url_ui\\\": \\\"http://localhost:8080/test/117\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/117/\\\"}, \\\"finding_count\\\": - 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 320, \\\"title\\\": \\\"Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 126, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/126/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 366, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/320\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/320/\\\"}, {\\\"id\\\": 321, \\\"title\\\": - \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", - \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/321\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/321/\\\"}, {\\\"id\\\": - 322, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/322\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/322/\\\"}, {\\\"id\\\": 323, \\\"title\\\": - \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/323\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/323/\\\"}, {\\\"id\\\": 324, \\\"title\\\": - \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + \\\"High\\\", \\\"url_ui\\\": 
\\\"http://localhost:8080/finding/366\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/366/\\\"}, {\\\"id\\\": 367, \\\"title\\\": + \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/324\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/324/\\\"}], - \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n - \ \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event - scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": - \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \\\"http://localhost:8080/finding/367\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/367/\\\"}, + {\\\"id\\\": 365, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/365\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/365/\\\"}, + {\\\"id\\\": 368, \\\"title\\\": \\\"Regular Expression Denial of Service + - (Fresh, < 0.5.2)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/368\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/368/\\\"}, + {\\\"id\\\": 369, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < + 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/finding/369\\\", \\\"url_api\\\": + 
\\\"http://localhost:8080/api/v2/findings/369/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 320,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 366,\n \"severity\": \"High\",\n \"title\": + \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/366/\",\n \"url_ui\": \"http://localhost:8080/finding/366\"\n + \ },\n {\n \"id\": 367,\n \"severity\": \"High\",\n + \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < + 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/367/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/367\"\n },\n + \ {\n \"id\": 365,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/320/\",\n \"url_ui\": \"http://localhost:8080/finding/320\"\n - \ },\n {\n \"id\": 321,\n \"severity\": \"High\",\n - \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, - <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/321/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/321\"\n },\n - \ {\n \"id\": 322,\n \"severity\": \"High\",\n \"title\": - \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < - 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 
6.2.0 - < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= - 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/322/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/322\"\n },\n - \ {\n \"id\": 323,\n \"severity\": \"High\",\n \"title\": - \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/323/\",\n \"url_ui\": \"http://localhost:8080/finding/323\"\n - \ },\n {\n \"id\": 324,\n \"severity\": \"High\",\n - \ \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 - < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= - 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 - || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/324/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/324\"\n }\n ],\n + \"http://localhost:8080/api/v2/findings/365/\",\n \"url_ui\": \"http://localhost:8080/finding/365\"\n + \ },\n {\n \"id\": 368,\n \"severity\": \"Medium\",\n + \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/368/\",\n \"url_ui\": + \"http://localhost:8080/finding/368\"\n },\n {\n \"id\": + 369,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 + || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/369/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/369\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n 
\"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 117,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n - \ \"url_ui\": \"http://localhost:8080/test/117\"\n },\n \"title\": + 126,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n + \ \"url_ui\": \"http://localhost:8080/test/126\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/117/\",\n - \ \"url_ui\": \"http://localhost:8080/test/117\",\n \"user\": null\n + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n + \ \"url_ui\": \"http://localhost:8080/test/126\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1780,7 +1793,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:06 GMT + - Sat, 24 May 2025 10:35:00 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml index 46d13d92724..9c351b6fcca 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:06.433+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:02.980+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8fcad182-3c98-4e96-af5b-a1160a3b1824 + - 8877bf2e-58c4-480b-8888-88b8294a053b Atl-Traceid: - - 8fcad1823c984e96af5ba1160a3b1824 + - 8877bf2e58c4480b888888b8294a053b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:06 GMT + - Sat, 24 May 2025 10:35:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=185,atl-edge;dur=153,atl-edge-internal;dur=15,atl-edge-upstream;dur=138,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="y6wfF715yosHyXx5_X8ShGAIZPY1L0HPpLRlnpaSp60cYt4ZQoT-WA==",cdn-downstream-fbl;dur=188 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=120,atl-edge;dur=112,atl-edge-internal;dur=13,atl-edge-upstream;dur=99,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="C5gwvUU0VD_FR4pJn6cIMRdjFfQt6HeSCzeDkqX_KzGE8mLGkkZIPw==",cdn-downstream-fbl;dur=125 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - y6wfF715yosHyXx5_X8ShGAIZPY1L0HPpLRlnpaSp60cYt4ZQoT-WA== + - C5gwvUU0VD_FR4pJn6cIMRdjFfQt6HeSCzeDkqX_KzGE8mLGkkZIPw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 1d32e42f916907465fdc04628db8b13e + - 50a484cb51282f44e13bfd9983376e84 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3232475e-e4b1-4f8a-bc39-b04de968ea5b + - a9a47202-a2e6-4bbe-a17e-8386b8316ef4 Atl-Traceid: - - 3232475ee4b14f8abc39b04de968ea5b + - a9a47202a2e64bbea17e8386b8316ef4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:06 GMT + - Sat, 24 May 2025 10:35:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="MwHPffzY7HFb3Z2gnD6O_QYywmyxNfU_VhDJFGZhF_k41_8AgQuP5g==",cdn-downstream-fbl;dur=378,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=375,atl-edge;dur=301,atl-edge-internal;dur=21,atl-edge-upstream;dur=280,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=244,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zRs3dd8LVoJWIdas7Hr58FuEQGBq9Ack5M3MpOyyNuHBoEdcpcAC1w==",cdn-downstream-fbl;dur=248 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3cab2977109e9e185607e6a3005951e0.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MwHPffzY7HFb3Z2gnD6O_QYywmyxNfU_VhDJFGZhF_k41_8AgQuP5g== + - zRs3dd8LVoJWIdas7Hr58FuEQGBq9Ack5M3MpOyyNuHBoEdcpcAC1w== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - ebe9ad0e148759b380adecef5152478a + - ee68062d54d0c2ecc162978efcf36a88 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/325]\n\n*Defect - Dojo link:* http://localhost:8080/finding/325 (325)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/370]\n\n*Defect + Dojo link:* http://localhost:8080/finding/370 (370)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/127]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18267","key":"NTEST-1886","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18267"}' + string: '{"id":"19697","key":"NTEST-3025","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19697"}' headers: Atl-Request-Id: - - 8a147f21-0a8e-45c4-ba1b-9cc5241d34b2 + - f3e0a026-43c7-4940-8463-fd14c92a9653 Atl-Traceid: - - 8a147f210a8e45c4ba1b9cc5241d34b2 + - f3e0a02643c749408463fd14c92a9653 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:08 GMT + - Sat, 24 May 2025 10:35:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="EA-cM8dhjPMJAZyO16sdn3oUkqet06bzMuEXR_o4ht4HIdHumtx95A==",cdn-downstream-fbl;dur=866,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=862,atl-edge;dur=773,atl-edge-internal;dur=15,atl-edge-upstream;dur=759,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=618,atl-edge;dur=610,atl-edge-internal;dur=17,atl-edge-upstream;dur=594,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OR9i9X39kUlhbq06x5gPOE2PfDDtNWUQIqNO0II3G7lwbv3xlJCaHw==",cdn-downstream-fbl;dur=622 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 475bc4efb9c2dcfa6769dde201c9bbbc.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - EA-cM8dhjPMJAZyO16sdn3oUkqet06bzMuEXR_o4ht4HIdHumtx95A== + - OR9i9X39kUlhbq06x5gPOE2PfDDtNWUQIqNO0II3G7lwbv3xlJCaHw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 48eb5067a25b4ec156cbf429d9aab9f6 + - 1eeb130ef72088335e5f14921e0c34fd X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1886 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3025 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18267","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18267","key":"NTEST-1886","fields":{"statuscategorychangedate":"2025-04-30T18:28:07.923+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19697","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19697","key":"NTEST-3025","fields":{"statuscategorychangedate":"2025-05-24T12:35:03.947+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1886/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:07.550+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:07.680+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3025/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:03.657+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:03.730+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/325]\n\n*Defect - Dojo link:* http://localhost:8080/finding/325 (325)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/370]\n\n*Defect + Dojo link:* http://localhost:8080/finding/370 (370)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/127]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1886/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18267/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3025/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19697/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5485c21f-1394-482a-b04b-b143c4c398f0 + - 21bf7189-aaa1-45ac-a7ee-7a26bcb621e0 Atl-Traceid: - - 5485c21f1394482ab04bb143c4c398f0 + - 21bf7189aaa145aca7ee7a26bcb621e0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:08 GMT + - Sat, 24 May 2025 10:35:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
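Review bot: The re-recorded response body in the `@@ -273,14 +273,14 @@` hunk commits the `emailAddress`, `accountId`, `displayName` and gravatar hash of a real Atlassian account under both `creator` and `reporter`. The `X-Aaccountid` response header repeats the same account id in the `@@ -53,15`, `@@ -131,18`, `@@ -219,15` and `@@ -310,15` hunks. The assertions that consume this cassette are not visible here, but these fields look incidental to a push-to-JIRA test, so they could be replaced with fixed placeholders at record time, for example with a vcrpy `before_record_response` hook that rewrites those body fields and drops the header. The recording configuration is outside this diff, so whether such a hook already exists should be confirmed there. Scrubbing at record time would also stop every re-record from producing churn on these lines.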
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=314,atl-edge;dur=280,atl-edge-internal;dur=21,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="s2v48iNFZAUnGJ3-ZJpoRIz6YZtoypmGbP7RIo3PszN5CktGwxkJCQ==",cdn-downstream-fbl;dur=317 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=246,atl-edge;dur=239,atl-edge-internal;dur=17,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Xf64JRG39gl9ZldA1DHaA32z126Tf2nKOr8yxRLUZDUk3cXKuU7Hkw==",cdn-downstream-fbl;dur=250 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9dbecd95f02024b36225d6b521598db6.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - s2v48iNFZAUnGJ3-ZJpoRIz6YZtoypmGbP7RIo3PszN5CktGwxkJCQ== + - Xf64JRG39gl9ZldA1DHaA32z126Tf2nKOr8yxRLUZDUk3cXKuU7Hkw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 39f20f23616f04c1e01f54838d6a6282 + - e8b1e080c6d2ab085f953661a9d65afb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
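Review bot: The re-recorded `X-Aaccountid` response header in the `@@ -310,15 +310,15 @@` hunk commits the recording user's real Atlassian account id to the repository, and the same defect recurs in the `-401`, `-473`, `-551` and `-639` hunks. The response bodies re-recorded in the `-364` and `-693` hunks go further and carry that user's `emailAddress`, `displayName` and gravatar hash inside the `creator` and `reporter` objects. The cassette should be scrubbed at record time so these values are stored as placeholders, e.g. `- REDACTED-ACCOUNT-ID` for the header and `"emailAddress":"redacted@example.invalid"` in the body. In vcrpy, `filter_headers` only covers request headers, so response headers and bodies need a `before_record_response` hook. The VCR configuration and the request headers of these interactions are outside the visible hunks, so it is worth confirming there that no `Authorization` value is recorded either.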
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18267 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19697 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18267","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18267","key":"NTEST-1886","fields":{"statuscategorychangedate":"2025-04-30T18:28:07.923+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19697","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19697","key":"NTEST-3025","fields":{"statuscategorychangedate":"2025-05-24T12:35:03.947+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1886/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:07.550+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9j:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:07.680+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3025/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:03.657+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:03.730+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/325]\n\n*Defect - Dojo link:* http://localhost:8080/finding/325 (325)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/370]\n\n*Defect + Dojo link:* http://localhost:8080/finding/370 (370)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/127]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1886/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18267/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3025/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19697/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 325fe0cd-6a03-47f2-a174-ea73e0c4f87b + - 4d31144b-70aa-4ad0-be9c-0c324f29fc48 Atl-Traceid: - - 325fe0cd6a0347f2a174ea73e0c4f87b + - 4d31144b70aa4ad0be9c0c324f29fc48 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:08 GMT + - Sat, 24 May 2025 10:35:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=270,atl-edge-internal;dur=14,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="FS3azC_dgbybZHCOhBp4-SOfWp-z8Dyh9DY-9ktx7_hA2hMzk3QoNw==",cdn-downstream-fbl;dur=307 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=240,atl-edge;dur=233,atl-edge-internal;dur=18,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="d8tfcY-KinA52aYM_Axs29EtufzoI8EjNcV3Lt8UKvJD8VHtvUvwQg==",cdn-downstream-fbl;dur=244 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a183b6545fea485604515ba7931cb9b8.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FS3azC_dgbybZHCOhBp4-SOfWp-z8Dyh9DY-9ktx7_hA2hMzk3QoNw== + - d8tfcY-KinA52aYM_Axs29EtufzoI8EjNcV3Lt8UKvJD8VHtvUvwQg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2b2a5d68010c2d97dff280eeddd67890 + - 299bd6af0621b79d38b7022490bd3391 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:09.201+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:04.879+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4b4e9c01-7ca1-40fd-8302-09df31b71b54 + - 6324c8b5-8496-41a1-880b-01feae9f85ae Atl-Traceid: - - 4b4e9c017ca140fd830209df31b71b54 + - 6324c8b5849641a1880b01feae9f85ae Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:09 GMT + - Sat, 24 May 2025 10:35:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=196,atl-edge;dur=163,atl-edge-internal;dur=17,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="1OWqprnBD_3STlf26XEUPcIFNwKGVRTgOYb-2qFrMxxJEGs1TPCGgg==",cdn-downstream-fbl;dur=200 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=15,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zp9Exra6heE5jz_WxHp28YHfLbrESh_Lb7brBSpuzMMZ2zuPT5lgSg==",cdn-downstream-fbl;dur=118 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 1OWqprnBD_3STlf26XEUPcIFNwKGVRTgOYb-2qFrMxxJEGs1TPCGgg== + - zp9Exra6heE5jz_WxHp28YHfLbrESh_Lb7brBSpuzMMZ2zuPT5lgSg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 69ba7dabb321374274d3ef8e707d5892 + - cd6a136afd2d533b3331156407a9c93d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 5ffbcad0-7663-4faf-951f-802f4c862f91 + - 08ad69ea-7e2d-4dab-a812-57a4d88571f0 Atl-Traceid: - - 5ffbcad076634faf951f802f4c862f91 + - 08ad69ea7e2d4daba81257a4d88571f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:09 GMT + - Sat, 24 May 2025 10:35:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=292,atl-edge;dur=258,atl-edge-internal;dur=14,atl-edge-upstream;dur=244,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="frxVE3k7HicKqrGQuchqAdENz94JQgyHwNNZHlsoocfSoWWyG9vtxg==",cdn-downstream-fbl;dur=296 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Ck1rjD4DoeebBKYM233p4rcn3nVMnTF0XTE00_ehPIy8PCv7yfOKfQ==",cdn-downstream-fbl;dur=310,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=299,atl-edge-internal;dur=22,atl-edge-upstream;dur=278,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 771067dca4682f83a6c9963c412d66cc.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - frxVE3k7HicKqrGQuchqAdENz94JQgyHwNNZHlsoocfSoWWyG9vtxg== + - Ck1rjD4DoeebBKYM233p4rcn3nVMnTF0XTE00_ehPIy8PCv7yfOKfQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 4db5db55143d58877d741872662ba89e + - 7bfc5df425499afc22300985268fb78a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/326]\n\n*Defect - Dojo link:* http://localhost:8080/finding/326 (326)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/371]\n\n*Defect + Dojo link:* http://localhost:8080/finding/371 (371)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/127]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18269","key":"NTEST-1887","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18269"}' + string: '{"id":"19698","key":"NTEST-3026","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19698"}' headers: Atl-Request-Id: - - 8f968c05-e98d-4f0a-aa66-57bf8d16e3c1 + - 0cd55979-7527-48d6-bdd2-8aaa7a7ad392 Atl-Traceid: - - 8f968c05e98d4f0aaa6657bf8d16e3c1 + - 0cd55979752748d6bdd28aaa7a7ad392 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:10 GMT + - Sat, 24 May 2025 10:35:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="253vvapwogZcdhC9n7t1UzjJ_NPbt2CpW1PKSFpyv9mmKG7yEdJ49Q==",cdn-downstream-fbl;dur=722,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=719,atl-edge;dur=642,atl-edge-internal;dur=17,atl-edge-upstream;dur=625,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=701,atl-edge;dur=694,atl-edge-internal;dur=17,atl-edge-upstream;dur=677,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DZcuuQ08sHM7rfp6wb7Y4727ByEpAosgLja7WUkqJTJdJQyYz89T7g==",cdn-downstream-fbl;dur=705 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2bdfafaaaec33c116889588ecd9de280.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 253vvapwogZcdhC9n7t1UzjJ_NPbt2CpW1PKSFpyv9mmKG7yEdJ49Q== + - DZcuuQ08sHM7rfp6wb7Y4727ByEpAosgLja7WUkqJTJdJQyYz89T7g== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - f8511d8ec5e20bc45500757a0308de16 + - 4c6ce69dfbfa4658df61612827fd3fd5 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1887 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3026 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18269","key":"NTEST-1887","fields":{"statuscategorychangedate":"2025-04-30T18:28:10.386+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19698","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19698","key":"NTEST-3026","fields":{"statuscategorychangedate":"2025-05-24T12:35:06.003+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1887/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:10.077+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:10.201+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3026/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:05.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:05.764+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/326]\n\n*Defect - Dojo link:* http://localhost:8080/finding/326 (326)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/371]\n\n*Defect + Dojo link:* http://localhost:8080/finding/371 (371)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/127]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1887/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18269/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3026/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19698/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 86ca19bd-ded8-45b7-9cfe-d8cbc42d0387 + - 07904614-a524-4f83-8c9a-dc508845a30c Atl-Traceid: - - 86ca19bdded845b79cfed8cbc42d0387 + - 07904614a5244f838c9adc508845a30c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:10 GMT + - Sat, 24 May 2025 10:35:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
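Review bot: The re-recorded response body in this hunk (`@@ -693,14 +693,14 @@`) stores a real account in the fixture, in the `creator` and `reporter` objects: `"emailAddress":"valentijn@defectdojo.com"` together with its `accountId` and gravatar hash. The same values recur in the `@@ -784,14 +784,14 @@` hunk and in the `X-Aaccountid` response header of the `@@ -730,15 +730,15 @@` and `@@ -821,15 +821,15 @@` hunks. The webhook echo in `@@ -878,13 +878,13 @@` also records the recorder's network address as `origin`. The request side already shows a masked `Token xxx`, so some scrubbing seems to be in place, but it does not reach response bodies or response headers. If these cassettes are recorded with vcrpy (the `interactions:` layout and `python-requests` user agent suggest so), a `before_record_response` hook could replace `emailAddress`, `accountId`, `displayName` and `origin` with fixed placeholders and drop `X-Aaccountid`. Re-recording by a different maintainer would then neither publish personal identifiers nor churn these lines.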
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=265,atl-edge-internal;dur=14,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="QfDA7P2CRZlmJgHFypt3suMoFryvpz5CBFQPqHzgTrxXI8-3vDpoYg==",cdn-downstream-fbl;dur=302 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=258,atl-edge-internal;dur=18,atl-edge-upstream;dur=241,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rVSV0iX3M2lpI1U1iI67wMZj-Mc41KJp96lWoRCrglE0tlgrVVkcLQ==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 848ee9f48eafd6caa6bf5371a2f79f28.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - QfDA7P2CRZlmJgHFypt3suMoFryvpz5CBFQPqHzgTrxXI8-3vDpoYg== + - rVSV0iX3M2lpI1U1iI67wMZj-Mc41KJp96lWoRCrglE0tlgrVVkcLQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 7666ef0ee9699e068e6e3c421f0b558b + - 4dc4f6428ade1663c4e69c8721c003db X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18269 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19698 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18269","key":"NTEST-1887","fields":{"statuscategorychangedate":"2025-04-30T18:28:10.386+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19698","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19698","key":"NTEST-3026","fields":{"statuscategorychangedate":"2025-05-24T12:35:06.003+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1887/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:10.077+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9r:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:10.201+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3026/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:05.681+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:05.764+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/326]\n\n*Defect - Dojo link:* http://localhost:8080/finding/326 (326)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/371]\n\n*Defect + Dojo link:* http://localhost:8080/finding/371 (371)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/118]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/127]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1887/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18269/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3026/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19698/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 0ac24f51-ace0-4151-81e0-9e8daf672af2 + - f9497045-ceec-49ca-aa06-f238a74f963c Atl-Traceid: - - 0ac24f51ace0415181e09e8daf672af2 + - f9497045ceec49caaa06f238a74f963c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:11 GMT + - Sat, 24 May 2025 10:35:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=380,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="WAv4Yf2i4HWzx_RO_picuA6rN-RcN0Custe4NvwoW8os_obv7lKgZw==",cdn-downstream-fbl;dur=384 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=247,atl-edge-internal;dur=16,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HSq7-UObMvC8wCGZ4Qt_RtTU82qpDR-wnxT-ahjs2T_o9522IPKV8g==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WAv4Yf2i4HWzx_RO_picuA6rN-RcN0Custe4NvwoW8os_obv7lKgZw== + - HSq7-UObMvC8wCGZ4Qt_RtTU82qpDR-wnxT-ahjs2T_o9522IPKV8g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c7daf17bf1e3a63d4ce6daf7ed722798 + - c6d331a5d0b316b4b383af47fbabb77b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/", + "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 118, "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/"}}' + 127, "url_ui": "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:56102\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:54330\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/118/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/127/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 118, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/118/\\\"}}\",\n \"files\": + null, \\\"id\\\": 127, \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/127/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 118,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n - \ \"url_ui\": \"http://localhost:8080/test/118\"\n },\n \"title\": + 127,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n + \ \"url_ui\": \"http://localhost:8080/test/127\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n \"url_ui\": - \"http://localhost:8080/test/118\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n \"url_ui\": + \"http://localhost:8080/test/127\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:11 GMT + - Sat, 24 May 2025 10:35:04 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/", + "url_ui": "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 118, "url_ui": "http://localhost:8080/test/118", "url_api": "http://localhost:8080/api/v2/tests/118/"}, - "finding_count": 2, "findings": {"new": [{"id": 325, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/325", - "url_api": "http://localhost:8080/api/v2/findings/325/"}, {"id": 326, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/326", - "url_api": "http://localhost:8080/api/v2/findings/326/"}], "reactivated": [], + 127, "url_ui": "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/"}, + "finding_count": 2, "findings": {"new": [{"id": 370, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/370", + "url_api": "http://localhost:8080/api/v2/findings/370/"}, {"id": 371, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/371", + "url_api": "http://localhost:8080/api/v2/findings/371/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:56108\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:54342\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/118/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/127/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 118, \\\"url_ui\\\": \\\"http://localhost:8080/test/118\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/118/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 325, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 127, \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/127/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 370, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/325\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/325/\\\"}, - {\\\"id\\\": 326, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/326\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/326/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/370\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/370/\\\"}, + {\\\"id\\\": 371, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/371\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/371/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 325,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/325/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/325\"\n },\n - \ {\n \"id\": 326,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/326/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/326\"\n }\n ],\n + \ \"id\": 370,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/370/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/370\"\n },\n + \ {\n \"id\": 371,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/371/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/371\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 118,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n - \ \"url_ui\": \"http://localhost:8080/test/118\"\n },\n \"title\": + 127,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n + \ \"url_ui\": \"http://localhost:8080/test/127\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/118/\",\n - \ \"url_ui\": \"http://localhost:8080/test/118\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n + \ \"url_ui\": \"http://localhost:8080/test/127\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:11 GMT + - Sat, 24 May 2025 10:35:04 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml index fefe52a8ec6..bc9fc858e45 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_comment.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:11.939+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:07.086+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - fd74a4ec-3c95-46b9-a67d-bf0192b3de47 + - c6869d35-baab-4ffe-85a0-6ce6157bd457 Atl-Traceid: - - fd74a4ec3c9546b9a67dbf0192b3de47 + - c6869d35baab4ffe85a06ce6157bd457 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:11 GMT + - Sat, 24 May 2025 10:35:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="m-1XkFaxiSPtRM1xt_kIQlz-8QaiHdnjNTkieU68Pdl6qAxHKh6dQQ==",cdn-downstream-fbl;dur=273,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=271,atl-edge;dur=182,atl-edge-internal;dur=14,atl-edge-upstream;dur=168,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=118,atl-edge;dur=110,atl-edge-internal;dur=15,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="baAdxVnbeRyyo8UXj2TQm4qDzbxeVHpa9clbTGWRE9mgyICOL5KekA==",cdn-downstream-fbl;dur=122 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c1388c9ad241eb02cd4ddbe69b1a2d34.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - m-1XkFaxiSPtRM1xt_kIQlz-8QaiHdnjNTkieU68Pdl6qAxHKh6dQQ== + - baAdxVnbeRyyo8UXj2TQm4qDzbxeVHpa9clbTGWRE9mgyICOL5KekA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 47eecad61b482709952dd4dbefb2a359 + - 1a0389eb646641132cacad88d68f1f90 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3b963d9c-d561-4fd1-8d06-102238bcd833 + - ba539b13-74e0-4a10-8a86-ae02d0c8b034 Atl-Traceid: - - 3b963d9cd5614fd18d06102238bcd833 + - ba539b1374e04a108a86ae02d0c8b034 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:12 GMT + - Sat, 24 May 2025 10:35:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=270,atl-edge-internal;dur=15,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="VYiVm_DjdvkHPUexysv2oIy_9_BRsKcwv37x6BvUfxVxXW-3zsyxaA==",cdn-downstream-fbl;dur=306 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=317,atl-edge-internal;dur=18,atl-edge-upstream;dur=299,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WihqAI4YtDwAPwCXAg_fr81VF1xUcpoou6jHh70KgnAZjIthJh65ng==",cdn-downstream-fbl;dur=328 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5538280951642fc71308aa997730220e.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - VYiVm_DjdvkHPUexysv2oIy_9_BRsKcwv37x6BvUfxVxXW-3zsyxaA== + - WihqAI4YtDwAPwCXAg_fr81VF1xUcpoou6jHh70KgnAZjIthJh65ng== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 08e496dd3cef9c9e2eab1a78349c6693 + - 4f5f1c3175160862e764b363ffea0e53 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18271","key":"NTEST-1888","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271"}' + string: '{"id":"19699","key":"NTEST-3027","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699"}' headers: Atl-Request-Id: - - c1230d2c-4eaf-4c3b-ad27-b4e3d1657b2f + - 8fe88eec-2d04-402b-875f-964b5ce16458 Atl-Traceid: - - c1230d2c4eaf4c3bad27b4e3d1657b2f + - 8fe88eec2d04402b875f964b5ce16458 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:13 GMT + - Sat, 24 May 2025 10:35:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=718,atl-edge;dur=686,atl-edge-internal;dur=15,atl-edge-upstream;dur=672,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="TW8p0zQDvXn8NvaQioENpm53_lg6mo2VSukoQ3TrxNhWtcfns_yspQ==",cdn-downstream-fbl;dur=722 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=707,atl-edge;dur=699,atl-edge-internal;dur=16,atl-edge-upstream;dur=683,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="N93cLhWqx0SBJSDjshxtgBYNF1HwCsUaEz3Zvjc7R0dluxUODYu9pw==",cdn-downstream-fbl;dur=711 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e665d09233240df4d3172e59222e0ba2.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - TW8p0zQDvXn8NvaQioENpm53_lg6mo2VSukoQ3TrxNhWtcfns_yspQ== + - N93cLhWqx0SBJSDjshxtgBYNF1HwCsUaEz3Zvjc7R0dluxUODYu9pw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 305cc9b7fa8cf60de46acea6fa290200 + - ede34e7424e181a091ec98256d93ea3b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18271","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271","key":"NTEST-1888","fields":{"statuscategorychangedate":"2025-04-30T18:28:13.122+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19699","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699","key":"NTEST-3027","fields":{"statuscategorychangedate":"2025-05-24T12:35:08.168+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:12.837+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:12.921+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:07.878+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:07.949+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ef125604-641d-43ba-879d-0f04dfdad1a2 + - 0ae7b28c-edef-46f6-b463-ecfe9ced630a Atl-Traceid: - - ef125604641d43ba879d0f04dfdad1a2 + - 0ae7b28cedef46f6b463ecfe9ced630a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:13 GMT + - Sat, 24 May 2025 10:35:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
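Review bot: The re-recorded response body in this hunk commits the recording user's Atlassian `accountId`, `emailAddress` and Gravatar hash under `creator` and `reporter`, and the same account id recurs in the `X-Aaccountid` response header in the other hunks of this cassette. The test presumably does not depend on these values, so they could be rewritten at record time, for example by a vcrpy `before_record_response` hook that substitutes a fixed placeholder such as `"emailAddress":"user@example.invalid"`. Scrubbing in the recorder rather than by hand keeps the next re-record from putting a different maintainer's identifiers back in. The `string:` scalar that holds this body starts outside the hunk.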
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=365,atl-edge;dur=332,atl-edge-internal;dur=17,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="oUGrPrRLXnc0JqURLE65wVrpHHkT54ygyArbGWpqINVqnk_difFzcg==",cdn-downstream-fbl;dur=368 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=264,atl-edge-internal;dur=18,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fBd8zwLdIAhejn6HI7KorQqXmPstW37-gCbHQBRe7Eows99s_vvhWg==",cdn-downstream-fbl;dur=276 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oUGrPrRLXnc0JqURLE65wVrpHHkT54ygyArbGWpqINVqnk_difFzcg== + - fBd8zwLdIAhejn6HI7KorQqXmPstW37-gCbHQBRe7Eows99s_vvhWg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e8201df14f904c57dff2a7b22040de38 + - de33a10070e7d69f3960d320093a7305 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18271 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19699 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18271","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271","key":"NTEST-1888","fields":{"statuscategorychangedate":"2025-04-30T18:28:13.122+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19699","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699","key":"NTEST-3027","fields":{"statuscategorychangedate":"2025-05-24T12:35:08.168+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:12.837+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:12.921+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:07.878+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:07.949+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ccebc96e-1cd3-4a80-ad49-9c0d7d230e07 + - 31d234be-abd5-469a-b3db-69d1f5385134 Atl-Traceid: - - ccebc96e1cd34a80ad499c0d7d230e07 + - 31d234beabd5469ab3db69d1f5385134 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:14 GMT + - Sat, 24 May 2025 10:35:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="JUuwqQxsNRGp0c-JBO5PsbiLWbSIA-JjIZY60TkObcmDBg3JU_8IyA==",cdn-downstream-fbl;dur=351,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=348,atl-edge;dur=271,atl-edge-internal;dur=17,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=227,atl-edge;dur=219,atl-edge-internal;dur=16,atl-edge-upstream;dur=204,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="MA27Rdk126Mg3FQQHijMJJIn1I8NGrYQhA1mTDzdcMXI8lw_YGGzAQ==",cdn-downstream-fbl;dur=231 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JUuwqQxsNRGp0c-JBO5PsbiLWbSIA-JjIZY60TkObcmDBg3JU_8IyA== + - MA27Rdk126Mg3FQQHijMJJIn1I8NGrYQhA1mTDzdcMXI8lw_YGGzAQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 78f4865122a43a76b3a5c98132a9cb8e + - c8cc2ee19d4273762b95e989fddc4aec X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:14.698+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:09.178+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 63736a29-95ef-40aa-9499-2e9acf8ceb13 + - bb6ae4a6-5e70-492b-a271-0dc265418d8c Atl-Traceid: - - 63736a2995ef40aa94992e9acf8ceb13 + - bb6ae4a65e70492ba2710dc265418d8c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:14 GMT + - Sat, 24 May 2025 10:35:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="JBr-3WR2VdgmibHyrnWkbN4Axx9xxnk3uSU6SpfmB44jenDMitdVhg==",cdn-downstream-fbl;dur=235,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=233,atl-edge;dur=160,atl-edge-internal;dur=17,atl-edge-upstream;dur=142,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iu0BUSgo-kPCp9ojowWFxFXVH-W-wMnh8xwhW2u39cpccuBGuiH2eQ==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - JBr-3WR2VdgmibHyrnWkbN4Axx9xxnk3uSU6SpfmB44jenDMitdVhg== + - iu0BUSgo-kPCp9ojowWFxFXVH-W-wMnh8xwhW2u39cpccuBGuiH2eQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 63334d691c8d732dbda3cb8560c8ffaa + - 4031c43bf3a748718532b731e33a16fe X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 69ff9857-62e6-4d44-a76f-7d66c82b0209 + - 2507743f-f22a-4fb4-b6ce-06e1a0398f27 Atl-Traceid: - - 69ff985762e64d44a76f7d66c82b0209 + - 2507743ff22a4fb4b6ce06e1a0398f27 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:15 GMT + - Sat, 24 May 2025 10:35:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=257,atl-edge-internal;dur=17,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="n-73BtUbmcnyqSx5lRFDy_KMZiKhPHnjt8rkmJ9tK3uNr4dymRTaXA==",cdn-downstream-fbl;dur=293 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=324,atl-edge;dur=317,atl-edge-internal;dur=19,atl-edge-upstream;dur=298,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="L2twR12cUyqa6h1rZKyyAoVyteEXAR8Hzwb6DhsZwgIe9OHQBnXvZw==",cdn-downstream-fbl;dur=329 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1b7fa09f50c08a88d619f90eef5ee94a.cloudfront.net (CloudFront) + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - n-73BtUbmcnyqSx5lRFDy_KMZiKhPHnjt8rkmJ9tK3uNr4dymRTaXA== + - L2twR12cUyqa6h1rZKyyAoVyteEXAR8Hzwb6DhsZwgIe9OHQBnXvZw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c7b0866efd0d9936f6c50f3d8dcf8d31 + - 36f6d6b8b4c367c9123727b6c9f43db6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/328]\n\n*Defect - Dojo link:* http://localhost:8080/finding/328 (328)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/373]\n\n*Defect + Dojo link:* http://localhost:8080/finding/373 (373)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18273","key":"NTEST-1889","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18273"}' + string: '{"id":"19700","key":"NTEST-3028","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19700"}' headers: Atl-Request-Id: - - 6d62c262-e983-48cb-8229-c7be9ddc611e + - a97f50b3-fc2d-42c2-9287-a7a7714a3460 Atl-Traceid: - - 6d62c262e98348cb8229c7be9ddc611e + - a97f50b3fc2d42c29287a7a7714a3460 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:16 GMT + - Sat, 24 May 2025 10:35:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=874,atl-edge;dur=842,atl-edge-internal;dur=13,atl-edge-upstream;dur=829,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ajZw4t65f-Ab7741VeYZn4wLIZtgjbqA8oGl0vmfa17PrXlod1tvHg==",cdn-downstream-fbl;dur=879 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=743,atl-edge;dur=736,atl-edge-internal;dur=17,atl-edge-upstream;dur=719,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1lV_WhF7hDPV-2HYehUVKCcuC7R5AffqlOijMl-JAajMRumeJusTVA==",cdn-downstream-fbl;dur=746 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b5141080f2dac9506b5156fa7721b41c.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ajZw4t65f-Ab7741VeYZn4wLIZtgjbqA8oGl0vmfa17PrXlod1tvHg== + - 1lV_WhF7hDPV-2HYehUVKCcuC7R5AffqlOijMl-JAajMRumeJusTVA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 431d29e6c5d437e48d06241bb76fcfea + - a29c5dcbad2857707268baecb7d51eac X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1889 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3028 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18273","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18273","key":"NTEST-1889","fields":{"statuscategorychangedate":"2025-04-30T18:28:16.013+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19700","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19700","key":"NTEST-3028","fields":{"statuscategorychangedate":"2025-05-24T12:35:10.346+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1889/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:15.724+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00ta7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:15.803+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3028/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:10.004+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:10.101+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/328]\n\n*Defect - Dojo link:* http://localhost:8080/finding/328 (328)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/373]\n\n*Defect + Dojo link:* http://localhost:8080/finding/373 (373)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1889/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18273/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3028/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19700/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - b912e4ac-2346-4b49-b7e1-a05dc515a268 + - 1e5a4f97-dfd8-43f4-8050-966215caa678 Atl-Traceid: - - b912e4ac23464b49b7e1a05dc515a268 + - 1e5a4f97dfd843f48050966215caa678 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:16 GMT + - Sat, 24 May 2025 10:35:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=265,atl-edge-internal;dur=15,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="3GJv6Of7KPtL-6GHL0G-zGbp4HvQDMLbcGJWnIpaYy2zhD57CbHvJw==",cdn-downstream-fbl;dur=303 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=314,atl-edge;dur=307,atl-edge-internal;dur=16,atl-edge-upstream;dur=291,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1QJR6R7rFUIPAteUYuUPgruBoWd8PdYGIArcPUpWkfRltcqFVyKg9g==",cdn-downstream-fbl;dur=318 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 995d6494814d695ff2add6899f970080.cloudfront.net (CloudFront) + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3GJv6Of7KPtL-6GHL0G-zGbp4HvQDMLbcGJWnIpaYy2zhD57CbHvJw== + - 1QJR6R7rFUIPAteUYuUPgruBoWd8PdYGIArcPUpWkfRltcqFVyKg9g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 197f51a22daf07ebfc9d0bb052c9e58c + - 85740a43e2153e755ee3254bfde5f2d4 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18273 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19700 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18273","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18273","key":"NTEST-1889","fields":{"statuscategorychangedate":"2025-04-30T18:28:16.013+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19700","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19700","key":"NTEST-3028","fields":{"statuscategorychangedate":"2025-05-24T12:35:10.346+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1889/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:15.724+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00ta7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:15.803+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3028/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:10.004+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:10.101+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/328]\n\n*Defect - Dojo link:* http://localhost:8080/finding/328 (328)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/373]\n\n*Defect + Dojo link:* http://localhost:8080/finding/373 (373)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1889/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18273/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3028/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19700/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a53f8b61-d565-493f-8f99-b9b729500bab + - 19772621-a3a1-4495-879b-51bfc0ade67c Atl-Traceid: - - a53f8b61d565493f8f99b9b729500bab + - 19772621a3a14495879b51bfc0ade67c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:16 GMT + - Sat, 24 May 2025 10:35:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=317,atl-edge;dur=284,atl-edge-internal;dur=17,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="9eZ3zGYgzWL-Tj-HcBJXSkzquJI1W59aW4IkoG4Hdiz01QRybOngEA==",cdn-downstream-fbl;dur=321 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=245,atl-edge;dur=238,atl-edge-internal;dur=15,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Bmj3xfNli795iEgbeLw751cYUcndlGyUjEkSFPj84ezV894fEvbWPg==",cdn-downstream-fbl;dur=249 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9fe7d47ea2a815113a41181f1d63f69e.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 9eZ3zGYgzWL-Tj-HcBJXSkzquJI1W59aW4IkoG4Hdiz01QRybOngEA== + - Bmj3xfNli795iEgbeLw751cYUcndlGyUjEkSFPj84ezV894fEvbWPg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - e19500e95868138db747a765d4faca6e + - 25a8cc7df1adf73fa4438b9d154f2f42 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/", + "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 119, "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/"}}' + 128, "url_ui": "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:56120\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:54350\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/119/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/128/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 119, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/119/\\\"}}\",\n \"files\": + null, \\\"id\\\": 128, \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/128/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 119,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n - \ \"url_ui\": \"http://localhost:8080/test/119\"\n },\n \"title\": + 128,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n + \ \"url_ui\": \"http://localhost:8080/test/128\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n \"url_ui\": - \"http://localhost:8080/test/119\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n \"url_ui\": + \"http://localhost:8080/test/128\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:16 GMT + - Sat, 24 May 2025 10:35:08 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/", + "url_ui": "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 119, "url_ui": "http://localhost:8080/test/119", "url_api": "http://localhost:8080/api/v2/tests/119/"}, - "finding_count": 2, "findings": {"new": [{"id": 327, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/327", - "url_api": "http://localhost:8080/api/v2/findings/327/"}, {"id": 328, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/328", - "url_api": "http://localhost:8080/api/v2/findings/328/"}], "reactivated": [], + 128, "url_ui": "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/"}, + "finding_count": 2, "findings": {"new": [{"id": 372, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/372", + "url_api": "http://localhost:8080/api/v2/findings/372/"}, {"id": 373, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/373", + "url_api": "http://localhost:8080/api/v2/findings/373/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:56132\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:54358\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/119/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/128/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 119, \\\"url_ui\\\": \\\"http://localhost:8080/test/119\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/119/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 327, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 128, \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/128/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 372, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/327\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/327/\\\"}, - {\\\"id\\\": 328, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/328\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/328/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/372\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/372/\\\"}, + {\\\"id\\\": 373, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/373\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/373/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 327,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/327/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/327\"\n },\n - \ {\n \"id\": 328,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/328/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/328\"\n }\n ],\n + \ \"id\": 372,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/372/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/372\"\n },\n + \ {\n \"id\": 373,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/373/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/373\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 119,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n - \ \"url_ui\": \"http://localhost:8080/test/119\"\n },\n \"title\": + 128,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n + \ \"url_ui\": \"http://localhost:8080/test/128\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/119/\",\n - \ \"url_ui\": \"http://localhost:8080/test/119\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n + \ \"url_ui\": \"http://localhost:8080/test/128\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:16 GMT + - Sat, 24 May 2025 10:35:08 GMT Transfer-Encoding: - chunked status: 
@@ -1046,12 +1046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:17.354+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:11.515+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 84dd02cc-8ea0-49ce-b29c-8652ee0d46ab + - 552e32b6-7faa-4a08-9780-de89e8d1f036 Atl-Traceid: - - 84dd02cc8ea049ceb29c8652ee0d46ab + - 552e32b67faa4a089780de89e8d1f036 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1061,7 +1061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:17 GMT + - Sat, 24 May 2025 10:35:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1071,7 +1071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="2nH7hc1e5iS5KmTRC_5H332575_lK_bzU0BoR0ezC2pE8i73kWPE-w==",cdn-downstream-fbl;dur=239,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=236,atl-edge;dur=162,atl-edge-internal;dur=16,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=113,atl-edge;dur=105,atl-edge-internal;dur=14,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jybXTuW06affSmO0SzUew9oE8-pLgvE0FKrc1rZk7asTQyUKPiNZ6A==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1081,15 +1081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d4aa84013921cdd269ab20fbd29fbe1e.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2nH7hc1e5iS5KmTRC_5H332575_lK_bzU0BoR0ezC2pE8i73kWPE-w== + - jybXTuW06affSmO0SzUew9oE8-pLgvE0FKrc1rZk7asTQyUKPiNZ6A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 8c3625fdb1fc9082e3d8a0e32681c77d + - 411baf435dc0195dccfcceec6325936c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1117,18 +1117,18 @@ interactions: User-Agent: - python-requests/2.32.3 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment response: body: - string: '{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment/11332","id":"11332","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): - testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:28:17.767+0200","updated":"2025-04-30T18:28:17.767+0200","jsdPublic":true}' + string: 
'{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment/11534","id":"11534","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): + testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:35:11.767+0200","updated":"2025-05-24T12:35:11.767+0200","jsdPublic":true}' headers: Atl-Request-Id: - - 12d2eea2-2c46-42b0-91dc-381170400384 + - 7320006e-9bec-4073-be1e-5a28cdb84b73 Atl-Traceid: - - 12d2eea22c4642b091dc381170400384 + - 7320006e9bec4073be1e5a28cdb84b73 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1136,9 +1136,9 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:17 GMT + - Sat, 24 May 2025 10:35:11 GMT Location: - - https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment/11332 + - https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment/11534 Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
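Review bot: The re-recorded comment response in this hunk stores the recording Jira account's `emailAddress`, `accountId` and Gravatar avatar hash verbatim in the response body. The same account id recurs in the `X-Aaccountid` response header in the neighbouring header hunks and in the `creator`/`reporter`/`author` objects of the issue GET response further down. The webhook request earlier in the cassette shows its token as `Token xxx`, so credentials appear to be scrubbed while identity fields are not. If these cassettes are recorded with vcrpy, a `before_record_response` hook could replace those fields with fixed placeholders and drop `X-Aaccountid`, which keeps personal identifiers out of the repository and shrinks future re-recording diffs. The file is generated, so the change belongs in the recorder configuration rather than in hand edits to the cassette.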
@@ -1148,7 +1148,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="2-SmMujzUojrIWxlGFJThgXuylflmkPZbWNn5E_u6qTVifhLFptxnA==",cdn-downstream-fbl;dur=481,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=479,atl-edge;dur=389,atl-edge-internal;dur=16,atl-edge-upstream;dur=372,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=320,atl-edge;dur=313,atl-edge-internal;dur=17,atl-edge-upstream;dur=295,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mU1L8eF8o7ZRSDPBxwDvRsGyPUapT8sy9NAJJJMQ1rS1dyvwBujUrw==",cdn-downstream-fbl;dur=323 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1158,15 +1158,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bbfdc39b99d2b072cca90c3f38450aea.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2-SmMujzUojrIWxlGFJThgXuylflmkPZbWNn5E_u6qTVifhLFptxnA== + - mU1L8eF8o7ZRSDPBxwDvRsGyPUapT8sy9NAJJJMQ1rS1dyvwBujUrw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - eeb5bcde73e09d94b8bfbb82d4647d76 + - 465f9dd59f49d77d3d74129b04687bc9 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1195,12 +1195,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:18.345+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:12.195+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4c914492-86d8-4139-b73b-7293b9a89c19 + - 2633bac4-a11b-4a5a-b37b-378fdcc00da4 Atl-Traceid: - - 4c91449286d84139b73b7293b9a89c19 + - 2633bac4a11b4a5ab37b378fdcc00da4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1210,7 +1210,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:18 GMT + - Sat, 24 May 2025 10:35:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1220,7 +1220,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="MiXDTJBXMIbIQD7sfyyYq_zcxu7zxFVbVIjbdNTMmaw-TaD2INv1pw==",cdn-downstream-fbl;dur=238,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=236,atl-edge;dur=157,atl-edge-internal;dur=14,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=102,atl-edge-internal;dur=16,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="S3wNEKS0bn7wCrAkYUlBS6WuNaQrfn8ix8Ot15dhdCHnFjLhNmpqGA==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1230,15 +1230,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 13926aef629bc9518d9ad769185e8c4e.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MiXDTJBXMIbIQD7sfyyYq_zcxu7zxFVbVIjbdNTMmaw-TaD2INv1pw== + - S3wNEKS0bn7wCrAkYUlBS6WuNaQrfn8ix8Ot15dhdCHnFjLhNmpqGA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - d19636909f237357da0e902d77c879c1 + - bbef3afca83b2c85cb5bf1bc2e028798 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1264,19 +1264,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18271 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19699 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18271","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271","key":"NTEST-1888","fields":{"statuscategorychangedate":"2025-04-30T18:28:13.122+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19699","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699","key":"NTEST-3027","fields":{"statuscategorychangedate":"2025-05-24T12:35:08.168+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:12.837+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:17.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:07.878+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:11.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1284,17 +1284,17 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment/11332","id":"11332","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): - testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:28:17.767+0200","updated":"2025-04-30T18:28:17.767+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment","maxResults":1,"total":1,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment/11534","id":"11534","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): + testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:35:11.767+0200","updated":"2025-05-24T12:35:11.767+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment","maxResults":1,"total":1,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e37e1e26-5a7b-4706-abbf-fac501500d1f + - e81373ca-5e2b-4c23-9bb5-e00bb8084f92 Atl-Traceid: - - e37e1e265a7b4706abbffac501500d1f + - e81373ca5e2b4c239bb5e00bb8084f92 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1304,7 +1304,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:18 GMT + - Sat, 24 May 2025 10:35:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1314,7 +1314,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="qBmbvmcohlndl_7oHgl7Cs0Y23nK8-WEW-YrWkxXLFEmgY_iggjLaQ==",cdn-downstream-fbl;dur=363,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=54,cdn-upstream-fbl;dur=360,atl-edge;dur=286,atl-edge-internal;dur=20,atl-edge-upstream;dur=266,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=199,atl-edge;dur=192,atl-edge-internal;dur=16,atl-edge-upstream;dur=176,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="W1nW2mLOxFdcs4nOZ_azJIBru6eEkCPqvg_Dkh9QKyInDR-rcQyjGw==",cdn-downstream-fbl;dur=202 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1324,15 +1324,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8dac9acbf37a4821f35529f7cc336eba.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qBmbvmcohlndl_7oHgl7Cs0Y23nK8-WEW-YrWkxXLFEmgY_iggjLaQ== + - W1nW2mLOxFdcs4nOZ_azJIBru6eEkCPqvg_Dkh9QKyInDR-rcQyjGw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 2c5b88767a8afa27fee1f0afeb59570c + - ff59fbec5ad89330779a04953818fbc1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,9 +1370,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 4214c38f-46c8-407c-a5f3-38eeb9b47f6c + - c488d0d9-5c2c-40f9-9fd3-83ac04416aaa Atl-Traceid: - - 4214c38f46c8407ca5f338eeb9b47f6c + - c488d0d95c2c40f99fd383ac04416aaa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1382,7 +1382,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:19 GMT + - Sat, 24 May 2025 10:35:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1392,7 +1392,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=403,atl-edge;dur=319,atl-edge-internal;dur=17,atl-edge-upstream;dur=303,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="-Vv80AHh5t5OPe1RLi1QpUIp1tQ9CpzLTXtOHiBMdcXFS2-K1L_C7A==",cdn-downstream-fbl;dur=406 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=294,atl-edge;dur=286,atl-edge-internal;dur=18,atl-edge-upstream;dur=268,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Gl-tsLM9FPsnEhA4oYL3cZ1SmfpRLopSM0FLh8rpMulYs0R2ouvH7A==",cdn-downstream-fbl;dur=298 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1402,18 +1402,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 596b1ac54ac9ee415236dc72536ba33a.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -Vv80AHh5t5OPe1RLi1QpUIp1tQ9CpzLTXtOHiBMdcXFS2-K1L_C7A== + - Gl-tsLM9FPsnEhA4oYL3cZ1SmfpRLopSM0FLh8rpMulYs0R2ouvH7A== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 8f1260f955957bb05158d4b2f90720f2 + - 046c14f05f60e9fe870c6b89ef21f160 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1426,11 +1426,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1448,21 +1448,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1308' + - '1309' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18271 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19699 response: body: string: '' headers: Atl-Request-Id: - - 825a3de4-71eb-493d-a4fd-697244c9a247 + - e4b0600a-b84b-4265-a84f-3a286efe8b1f Atl-Traceid: - - 825a3de471eb493da4fd697244c9a247 + - e4b0600ab84b4265a84f3a286efe8b1f Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1470,7 +1470,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:19 GMT + - Sat, 24 May 2025 10:35:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1480,7 +1480,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=265,atl-edge-internal;dur=18,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="lL1sKZZl3HztoQMkUhjlZGf4fqcovSPHi7rIEjxCA1lPqQo5vbgEPA==",cdn-downstream-fbl;dur=302 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=253,atl-edge;dur=244,atl-edge-internal;dur=15,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="-r2nCqt6xGHUvZRFIkdgRctTLiwyyRZOJGPleM69bHA7KK55pkkV1Q==",cdn-downstream-fbl;dur=256 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1488,15 +1488,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 490623df85c571a18ba7da1511cc969e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - lL1sKZZl3HztoQMkUhjlZGf4fqcovSPHi7rIEjxCA1lPqQo5vbgEPA== + - -r2nCqt6xGHUvZRFIkdgRctTLiwyyRZOJGPleM69bHA7KK55pkkV1Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5cd559f7cd6b9cef133f412a7f084f9a + - b2343ad277429964cdb5dcdd15035919 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1522,19 +1522,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18271 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19699 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18271","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271","key":"NTEST-1888","fields":{"statuscategorychangedate":"2025-04-30T18:28:13.122+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19699","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699","key":"NTEST-3027","fields":{"statuscategorychangedate":"2025-05-24T12:35:08.168+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:12.837+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:17.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:07.878+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:11.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1542,17 +1542,17 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment/11332","id":"11332","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): - testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:28:17.767+0200","updated":"2025-04-30T18:28:17.767+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment","maxResults":1,"total":1,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment/11534","id":"11534","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): + testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:35:11.767+0200","updated":"2025-05-24T12:35:11.767+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment","maxResults":1,"total":1,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5b324e2e-16cd-42b6-9f22-a4126d554dc8 + - 74168a0d-6648-4b45-bcd7-0179a1b35928 Atl-Traceid: - - 5b324e2e16cd42b69f22a4126d554dc8 + - 74168a0d66484b45bcd70179a1b35928 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1562,7 +1562,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:20 GMT + - Sat, 24 May 2025 10:35:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
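Review bot: The re-recorded response body in the `@@ -1542,17 +1542,17 @@` hunk stores a maintainer's `emailAddress`, `displayName`, Atlassian `accountId` and gravatar hash verbatim. The same values recur in the other issue-body hunks, and the `X-Aaccountid` response header carries the account id in the header hunks. Nothing in the visible interactions suggests replay depends on the real values, so the recorder could scrub them before writing the cassette, for example with a vcrpy `before_record_response` hook that rewrites these fields to a constructed placeholder such as `user@example.com`. The recording configuration is outside this diff, so whether request-side credentials are already dropped via `filter_headers` cannot be confirmed from here and is worth checking in the same pass.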
@@ -1572,7 +1572,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="0Zw1o94rQjU_R2qbIwwwFQsG3kf5J3YXu6KuJMaTgJtpluc61aE5hQ==",cdn-downstream-fbl;dur=304,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=302,atl-edge;dur=279,atl-edge-internal;dur=21,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=263,atl-edge;dur=255,atl-edge-internal;dur=16,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1Ksjosu8n980jrRXi8FwjxO42ibtXLZnX6D8ZgI8e8ByI2co5_mgNw==",cdn-downstream-fbl;dur=268 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1582,15 +1582,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35f3ad5aa26e63a13ffedf420998e698.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0Zw1o94rQjU_R2qbIwwwFQsG3kf5J3YXu6KuJMaTgJtpluc61aE5hQ== + - 1Ksjosu8n980jrRXi8FwjxO42ibtXLZnX6D8ZgI8e8ByI2co5_mgNw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - f6789fb927178d71ac708f4ec2ea3d42 + - 9c45f35859a2fcd4e13d56dc7d2b3478 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1619,12 +1619,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:20.845+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:13.710+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 18289c02-25b1-4078-b7dc-d096e2e1bd06 + - 2b938449-cf10-488d-8312-3d8430bc01eb Atl-Traceid: - - 18289c0225b14078b7dcd096e2e1bd06 + - 2b938449cf10488d83123d8430bc01eb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1634,7 +1634,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:20 GMT + - Sat, 24 May 2025 10:35:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1644,7 +1644,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="-eNAPDb-INRZFAZZKTkWwvI62PLhQRddUj-PagBa3NQxis0-MNP--Q==",cdn-downstream-fbl;dur=248,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=68,cdn-upstream-fbl;dur=246,atl-edge;dur=156,atl-edge-internal;dur=14,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=17,atl-edge-upstream;dur=90,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dYOEK0LRhy5EKXaUPaXmiJzQOKaaxIs_7rtMfek9akIZEVdCzxADww==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1654,15 +1654,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 475bc4efb9c2dcfa6769dde201c9bbbc.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -eNAPDb-INRZFAZZKTkWwvI62PLhQRddUj-PagBa3NQxis0-MNP--Q== + - dYOEK0LRhy5EKXaUPaXmiJzQOKaaxIs_7rtMfek9akIZEVdCzxADww== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 09f79fc8b6b7de723e06499e254a5288 + - 0682810e050dae5278a1e5ce641c9e57 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1688,19 +1688,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18271 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19699 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18271","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271","key":"NTEST-1888","fields":{"statuscategorychangedate":"2025-04-30T18:28:13.122+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19699","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699","key":"NTEST-3027","fields":{"statuscategorychangedate":"2025-05-24T12:35:08.168+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:12.837+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00t9z:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:17.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:07.878+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010nr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:11.767+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/327]\n\n*Defect - Dojo link:* http://localhost:8080/finding/327 (327)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/372]\n\n*Defect + Dojo link:* http://localhost:8080/finding/372 (372)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/119]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1708,17 +1708,17 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1888/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment/11332","id":"11332","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): - testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-04-30T18:28:17.767+0200","updated":"2025-04-30T18:28:17.767+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18271/comment","maxResults":1,"total":1,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3027/votes","votes":0,"hasVoted":false},"comment":{"comments":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment/11534","id":"11534","author":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"body":"(admin): + testing note. 
creating it and pushing it to JIRA","updateAuthor":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"created":"2025-05-24T12:35:11.767+0200","updated":"2025-05-24T12:35:11.767+0200","jsdPublic":true}],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19699/comment","maxResults":1,"total":1,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - b1c228f9-c321-4c54-baa8-6b8651cf5438 + - ca7b9968-9b2e-4b01-9e6f-5b3075146dda Atl-Traceid: - - b1c228f9c3214c54baa86b8651cf5438 + - ca7b99689b2e4b019e6f5b3075146dda Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1728,7 +1728,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:21 GMT + - Sat, 24 May 2025 10:35:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
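Review bot: The re-recorded response body in this hunk commits the recording maintainer's personal Jira data in the `creator`, `reporter`, `author` and `updateAuthor` objects: `emailAddress`, `accountId`, `displayName` and the Gravatar URL, whose hash is derived from the e-mail address. The same account id is also written to the `X-Aaccountid` response header in the neighbouring header hunks of this cassette and of the other re-recorded cassettes. None of these values look necessary for replay, so they could be replaced with fixed placeholders at record time, for example `"emailAddress":"jira-test@example.invalid"`. A vcrpy `before_record_response` hook is the natural place for this, since `filter_headers` only covers request headers. The VCR setup is not visible in this diff, so confirm first whether a scrubber already exists and simply does not cover these fields. Scrubbing would also stop every re-recording by a different person from churning these lines.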
@@ -1738,7 +1738,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=250,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="3rPWbsdlHJHEylpNgLODAnS2e7sAKl9gZzT5zi8SLCP_ewp6E1vP9Q==",cdn-downstream-fbl;dur=288 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=239,atl-edge-internal;dur=24,atl-edge-upstream;dur=211,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1aHLQc4bWb3QRdqf-09BtfFmt6VsAcfI1joNlXPjXaoKN7aWrcC0QQ==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1748,15 +1748,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 3rPWbsdlHJHEylpNgLODAnS2e7sAKl9gZzT5zi8SLCP_ewp6E1vP9Q== + - 1aHLQc4bWb3QRdqf-09BtfFmt6VsAcfI1joNlXPjXaoKN7aWrcC0QQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a9ba9c515c5a7d685c6830d00cdbff65 + - 1d1ca9ab40084ea7122329e22b07bdfe X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml index 74f818f4906..08330f9acdd 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_add_tags.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:21.601+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:14.316+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - b7faa5e4-3f8b-421c-bda2-8de4fdae08a5 + - 28f47df8-0396-47ff-b927-a1dbd46a4bfa Atl-Traceid: - - b7faa5e43f8b421cbda28de4fdae08a5 + - 28f47df8039647ffb927a1dbd46a4bfa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:21 GMT + - Sat, 24 May 2025 10:35:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=162,atl-edge-internal;dur=16,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="F9R5yqpasEaRAR5Hsq0DYARNkA4JgX4L8AsKUZQ3l-WNJLN3rIu0ug==",cdn-downstream-fbl;dur=198 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="KVdrNQ1rZV0WTsCAluQpIvR2BDeg5zIqveHC57hf4MDz-8VQpbp_fQ==",cdn-downstream-fbl;dur=135,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=133,atl-edge;dur=103,atl-edge-internal;dur=14,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 73e04d645babcbb9ee8f20cc865b009c.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - F9R5yqpasEaRAR5Hsq0DYARNkA4JgX4L8AsKUZQ3l-WNJLN3rIu0ug== + - KVdrNQ1rZV0WTsCAluQpIvR2BDeg5zIqveHC57hf4MDz-8VQpbp_fQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - aa6d88d49bc4e960ada6718fd7833e9c + - a976d451b43a16125cac622e3a2abe52 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 77dee06d-1b39-4b29-8830-44bda05b064b + - d5830994-e03d-42ce-aee7-0a86a9a7b1b6 Atl-Traceid: - - 77dee06d1b394b29883044bda05b064b + - d5830994e03d42ceaee70a86a9a7b1b6 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:22 GMT + - Sat, 24 May 2025 10:35:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="vMEXRsN1oAPaa7_TQX8V8tHkF3iwyYHUGFEq-J5SLQlbiNv42HNeAQ==",cdn-downstream-fbl;dur=441,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=438,atl-edge;dur=354,atl-edge-internal;dur=15,atl-edge-upstream;dur=339,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=379,atl-edge;dur=371,atl-edge-internal;dur=16,atl-edge-upstream;dur=356,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="mF0SixdrWv4S3EtVBp9P9ltoUCWQ5dELR3rPU-5qZ0m2TXkLSLoqnA==",cdn-downstream-fbl;dur=383 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9832e15ad117dafc81b031983cbde91e.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vMEXRsN1oAPaa7_TQX8V8tHkF3iwyYHUGFEq-J5SLQlbiNv42HNeAQ== + - mF0SixdrWv4S3EtVBp9P9ltoUCWQ5dELR3rPU-5qZ0m2TXkLSLoqnA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 6c924acb51dc0eb610368f01920c0b9d + - c486a9aba33d5d1f45c613504b206a45 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18275","key":"NTEST-1890","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275"}' + string: '{"id":"19701","key":"NTEST-3029","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701"}' headers: Atl-Request-Id: - - dd322e09-8003-4012-a167-c2565ca8dead + - df403d3b-06f1-4169-a13f-45c6595ef305 Atl-Traceid: - - dd322e0980034012a167c2565ca8dead + - df403d3b06f14169a13f45c6595ef305 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:23 GMT + - Sat, 24 May 2025 10:35:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=744,atl-edge;dur=711,atl-edge-internal;dur=25,atl-edge-upstream;dur=685,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="g7jUPHDhjPuC9519uetYxngAF0HSYwC3dK-uxyXeGh4dr_goI2sTZw==",cdn-downstream-fbl;dur=748 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=734,atl-edge;dur=727,atl-edge-internal;dur=14,atl-edge-upstream;dur=713,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="y3C6VOdnu_kf8eI6rjyLBsAxrr6hzYpqnP_Nhsan5wFCDOve4-RU9A==",cdn-downstream-fbl;dur=737 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - g7jUPHDhjPuC9519uetYxngAF0HSYwC3dK-uxyXeGh4dr_goI2sTZw== + - y3C6VOdnu_kf8eI6rjyLBsAxrr6hzYpqnP_Nhsan5wFCDOve4-RU9A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - d228a55816c4a15526805e8484406264 + - b31b828666ce149746e8c8b20a3426d0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18275","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275","key":"NTEST-1890","fields":{"statuscategorychangedate":"2025-04-30T18:28:22.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19701","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701","key":"NTEST-3029","fields":{"statuscategorychangedate":"2025-05-24T12:35:15.518+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:22.649+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00taf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:22.733+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:15.204+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010o7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:15.280+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - f1fffdfb-aff1-4fdd-9d66-09ca9c2a75f1 + - a9d0de3b-2527-42f5-b914-ccaf5f6c18c3 Atl-Traceid: - - f1fffdfbaff14fdd9d6609ca9c2a75f1 + - a9d0de3b252742f5b914ccaf5f6c18c3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:23 GMT + - Sat, 24 May 2025 10:35:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=278,atl-edge-internal;dur=17,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="sJCo7AU4vOA1xILctjwKkackmD5v8cbgY9Orz30PoApv4K-vfadqYw==",cdn-downstream-fbl;dur=316 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=234,atl-edge;dur=227,atl-edge-internal;dur=15,atl-edge-upstream;dur=212,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7a3AdFbsHvEPa-_bWZqlsgnUk56cVY_kaUyP0AmHn6OruLuAYBQ5nA==",cdn-downstream-fbl;dur=239 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cbe94ab27088fc4bb73abf8e3179b3d2.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - sJCo7AU4vOA1xILctjwKkackmD5v8cbgY9Orz30PoApv4K-vfadqYw== + - 7a3AdFbsHvEPa-_bWZqlsgnUk56cVY_kaUyP0AmHn6OruLuAYBQ5nA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b9f13aabd44fdc5881b8e2c6db10e7fb + - 26f27d51aba783b361d96e5733aa1bbc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18275 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19701 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18275","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275","key":"NTEST-1890","fields":{"statuscategorychangedate":"2025-04-30T18:28:22.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19701","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701","key":"NTEST-3029","fields":{"statuscategorychangedate":"2025-05-24T12:35:15.518+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:22.649+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00taf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:22.733+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:15.204+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010o7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:15.280+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1adb4d87-e4c6-4227-9986-eb4c75fa1c75 + - 7f2a8df8-713b-4e44-9d86-88e76674271f Atl-Traceid: - - 1adb4d87e4c642279986eb4c75fa1c75 + - 7f2a8df8713b4e449d8688e76674271f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:24 GMT + - Sat, 24 May 2025 10:35:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="2le6dblhRGl6KP1VbBWsrNaCUXUFjjjM0WMyjWL4X7S-gepO7RNUJw==",cdn-downstream-fbl;dur=373,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=370,atl-edge;dur=283,atl-edge-internal;dur=22,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=225,atl-edge;dur=218,atl-edge-internal;dur=15,atl-edge-upstream;dur=203,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kBpOYtwdkfghZaBWFMHrVbz7p2QR9QD3Pbz3aJ5yjPuQsgWEx1ASTA==",cdn-downstream-fbl;dur=229 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ed78483d37e5338746e5a4b545e5818e.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 2le6dblhRGl6KP1VbBWsrNaCUXUFjjjM0WMyjWL4X7S-gepO7RNUJw== + - kBpOYtwdkfghZaBWFMHrVbz7p2QR9QD3Pbz3aJ5yjPuQsgWEx1ASTA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 47d4cd637b08146785c7b44d7ee17398 + - d69d815dc81f99f948fcdc892c1df305 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:24.413+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:16.438+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 21048798-b5dc-4ecb-8852-00d99005d262 + - e5936764-7a2c-47d2-aebf-c988b14bb110 Atl-Traceid: - - 21048798b5dc4ecb885200d99005d262 + - e59367647a2c47d2aebfc988b14bb110 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:24 GMT + - Sat, 24 May 2025 10:35:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="alU2jqQsUXY1d6Eg4Q8T6zWZFgKeYYWUGD7Oohf_g8orVYCDcGsgrw==",cdn-downstream-fbl;dur=245,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=243,atl-edge;dur=153,atl-edge-internal;dur=14,atl-edge-upstream;dur=139,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=124,atl-edge;dur=111,atl-edge-internal;dur=19,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pmQwxF1nttYfqc94EyTe7lGOFPssnyXQScMSl71KDG8HqKY2VkuMgw==",cdn-downstream-fbl;dur=128 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9041bc1ab42f996e0fd971e734eff2e2.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - alU2jqQsUXY1d6Eg4Q8T6zWZFgKeYYWUGD7Oohf_g8orVYCDcGsgrw== + - pmQwxF1nttYfqc94EyTe7lGOFPssnyXQScMSl71KDG8HqKY2VkuMgw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6230498c69e14b5258ccaaa958e01e7f + - aa2e8fa400f6758849c5375565374859 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 660e2fc6-e283-4312-91f5-31d3f7e9ab4b + - 67f6c1bf-0f7a-4699-ad1f-ca113c8e63ba Atl-Traceid: - - 660e2fc6e283431291f531d3f7e9ab4b + - 67f6c1bf0f7a4699ad1fca113c8e63ba Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:25 GMT + - Sat, 24 May 2025 10:35:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="MYAzU6tXpHz-7QbeCg4p-15xk6uoMkATmbQ9iZoCv4Cs2av9ryZjrg==",cdn-downstream-fbl;dur=464,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=461,atl-edge;dur=373,atl-edge-internal;dur=21,atl-edge-upstream;dur=353,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=240,atl-edge;dur=233,atl-edge-internal;dur=20,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="lr9a7Kob-cVFmZvPeAMYcghwr_P7L65OMaKl35PqfV0r2WveRlvkNw==",cdn-downstream-fbl;dur=244 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 475bc4efb9c2dcfa6769dde201c9bbbc.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MYAzU6tXpHz-7QbeCg4p-15xk6uoMkATmbQ9iZoCv4Cs2av9ryZjrg== + - lr9a7Kob-cVFmZvPeAMYcghwr_P7L65OMaKl35PqfV0r2WveRlvkNw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4cbc31861e55ac525e750e5d7a02543a + - 634bcb5a1e282aaec5aa7be306cc6bc6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/330]\n\n*Defect - Dojo link:* http://localhost:8080/finding/330 (330)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/375]\n\n*Defect + Dojo link:* http://localhost:8080/finding/375 (375)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18277","key":"NTEST-1891","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18277"}' + string: '{"id":"19702","key":"NTEST-3030","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19702"}' headers: Atl-Request-Id: - - 904bb497-06ac-4ce3-9967-6c10c56730be + - e19236c4-a1f0-4a28-83d2-a0567b75df87 Atl-Traceid: - - 904bb49706ac4ce399676c10c56730be + - e19236c4a1f04a2883d2a0567b75df87 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:25 GMT + - Sat, 24 May 2025 10:35:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="qOyEilMZbERomrQ_JaUFogalwbdtrkrMF90rSvMHaD5yEY4TNngLqQ==",cdn-downstream-fbl;dur=774,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=772,atl-edge;dur=683,atl-edge-internal;dur=15,atl-edge-upstream;dur=668,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=757,atl-edge;dur=749,atl-edge-internal;dur=33,atl-edge-upstream;dur=714,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QAmX6PilIwsfGnDNpZZ3DlHC1ibCigmHbzYo_4B1897tHEX90zrbYg==",cdn-downstream-fbl;dur=760 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 57f0537bdb26692a5be92bbbe93e4ea2.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - qOyEilMZbERomrQ_JaUFogalwbdtrkrMF90rSvMHaD5yEY4TNngLqQ== + - QAmX6PilIwsfGnDNpZZ3DlHC1ibCigmHbzYo_4B1897tHEX90zrbYg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 423b807ae163ee2429c682dbe566dc3a + - d9098079ab493567e77a2a34494d91e1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1891 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3030 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18277","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18277","key":"NTEST-1891","fields":{"statuscategorychangedate":"2025-04-30T18:28:25.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19702","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19702","key":"NTEST-3030","fields":{"statuscategorychangedate":"2025-05-24T12:35:17.538+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1891/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:25.539+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tan:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:25.628+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3030/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:17.198+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010of:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:17.287+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/330]\n\n*Defect - Dojo link:* http://localhost:8080/finding/330 (330)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/375]\n\n*Defect + Dojo link:* http://localhost:8080/finding/375 (375)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1891/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18277/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3030/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19702/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 04a5cd0b-e591-455b-ad68-e54c99933555 + - 33a582b4-aaf7-48e4-b4e6-9e026a4f7947 Atl-Traceid: - - 04a5cd0be591455bad68e54c99933555 + - 33a582b4aaf748e4b4e69e026a4f7947 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:26 GMT + - Sat, 24 May 2025 10:35:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
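Review bot: The re-recorded response body in this hunk commits the recording account's personal data verbatim: `"emailAddress":"valentijn@defectdojo.com"`, the `accountId`, the display name and the Gravatar hash, in both `creator` and `reporter`. The same body is repeated in the `@@ -784,14 +784,14 @@` hunk, and the account id also appears in the `X-Aaccountid` response header of each interaction. These values do not look necessary for replay, though that should be confirmed against the assertions in the tests that use this cassette. If they are not needed, scrub them at record time with a vcrpy `before_record_response` hook that rewrites the body and drops `X-Aaccountid`, for example substituting a constructed placeholder such as `jira-user@example.invalid`. The removed lines show the previous recording exposed a different account in the same way, so the scrubber belongs in the shared VCR setup rather than in a hand edit of this file.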
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="FDEcAndy7ZxqAxq4mg4np_oXyvf7HVKNPoIZ-ZxVJ7BvttLXopZ2cQ==",cdn-downstream-fbl;dur=313,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=311,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=251,atl-edge;dur=243,atl-edge-internal;dur=14,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zavdT8gacPOgeAgml_cUlXlP4mqXM2mCdLcB3FMUlC4GCjMT4WJCGw==",cdn-downstream-fbl;dur=255 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 13926aef629bc9518d9ad769185e8c4e.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - FDEcAndy7ZxqAxq4mg4np_oXyvf7HVKNPoIZ-ZxVJ7BvttLXopZ2cQ== + - zavdT8gacPOgeAgml_cUlXlP4mqXM2mCdLcB3FMUlC4GCjMT4WJCGw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 563d4ff635a67b346440df5c8ba8b8e1 + - d921bb222c30962b4ade462822453cfc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18277 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19702 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18277","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18277","key":"NTEST-1891","fields":{"statuscategorychangedate":"2025-04-30T18:28:25.833+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19702","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19702","key":"NTEST-3030","fields":{"statuscategorychangedate":"2025-05-24T12:35:17.538+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1891/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:25.539+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tan:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:25.628+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3030/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:17.198+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010of:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:17.287+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/330]\n\n*Defect - Dojo link:* http://localhost:8080/finding/330 (330)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/375]\n\n*Defect + Dojo link:* http://localhost:8080/finding/375 (375)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1891/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18277/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3030/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19702/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e8b37f22-d981-46cf-b1ef-852bad232c91 + - 2ad3a18a-dda5-41bf-88e5-50bacf9ce520 Atl-Traceid: - - e8b37f22d98146cfb1ef852bad232c91 + - 2ad3a18adda541bf88e550bacf9ce520 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:26 GMT + - Sat, 24 May 2025 10:35:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=276,atl-edge-internal;dur=16,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="nnEBBgRC3dSmq-Q84c5esvIjZKuMzgvBfkCAYzez_s1YAwMgUog61Q==",cdn-downstream-fbl;dur=312 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=242,atl-edge;dur=235,atl-edge-internal;dur=16,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6VHbQZs8iUHSaWOW_vfguoWzHpkvXMNgySIgXMw-jYoMdjLMrDcO8A==",cdn-downstream-fbl;dur=246 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9c93b7820e04954dd3278b106daa8da.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nnEBBgRC3dSmq-Q84c5esvIjZKuMzgvBfkCAYzez_s1YAwMgUog61Q== + - 6VHbQZs8iUHSaWOW_vfguoWzHpkvXMNgySIgXMw-jYoMdjLMrDcO8A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 2ef5244cb10c7f810f2ebdfa98cad686 + - eff31b13fab6290198ed575ffc08075b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/", + "http://localhost:8080/test/129", "url_api": "http://localhost:8080/api/v2/tests/129/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 120, "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/"}}' + 129, "url_ui": "http://localhost:8080/test/129", "url_api": "http://localhost:8080/api/v2/tests/129/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:45916\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41356\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/120/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/129\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/129/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 120, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/120/\\\"}}\",\n \"files\": + null, \\\"id\\\": 129, \\\"url_ui\\\": \\\"http://localhost:8080/test/129\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/129/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 120,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n - \ \"url_ui\": \"http://localhost:8080/test/120\"\n },\n \"title\": + 129,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/129/\",\n + \ \"url_ui\": \"http://localhost:8080/test/129\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n \"url_ui\": - \"http://localhost:8080/test/120\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/129/\",\n \"url_ui\": + \"http://localhost:8080/test/129\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:26 GMT + - Sat, 24 May 2025 10:35:18 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/", + "url_ui": "http://localhost:8080/test/129", "url_api": "http://localhost:8080/api/v2/tests/129/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 120, "url_ui": "http://localhost:8080/test/120", "url_api": "http://localhost:8080/api/v2/tests/120/"}, - "finding_count": 2, "findings": {"new": [{"id": 329, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/329", - "url_api": "http://localhost:8080/api/v2/findings/329/"}, {"id": 330, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/330", - "url_api": "http://localhost:8080/api/v2/findings/330/"}], "reactivated": [], + 129, "url_ui": "http://localhost:8080/test/129", "url_api": "http://localhost:8080/api/v2/tests/129/"}, + "finding_count": 2, "findings": {"new": [{"id": 374, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/374", + "url_api": "http://localhost:8080/api/v2/findings/374/"}, {"id": 375, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/375", + "url_api": "http://localhost:8080/api/v2/findings/375/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:45920\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:41366\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/120/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/129\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/129/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 120, \\\"url_ui\\\": \\\"http://localhost:8080/test/120\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/120/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 329, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 129, \\\"url_ui\\\": \\\"http://localhost:8080/test/129\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/129/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 374, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/329\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/329/\\\"}, - {\\\"id\\\": 330, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/330\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/330/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/374\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/374/\\\"}, + {\\\"id\\\": 375, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/375\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/375/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 329,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/329/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/329\"\n },\n - \ {\n \"id\": 330,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/330/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/330\"\n }\n ],\n + \ \"id\": 374,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/374/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/374\"\n },\n + \ {\n \"id\": 375,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/375/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/375\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 120,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n - \ \"url_ui\": \"http://localhost:8080/test/120\"\n },\n \"title\": + 129,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/129/\",\n + \ \"url_ui\": \"http://localhost:8080/test/129\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/120/\",\n - \ \"url_ui\": \"http://localhost:8080/test/120\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/129/\",\n + \ \"url_ui\": \"http://localhost:8080/test/129\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:26 GMT + - Sat, 24 May 2025 10:35:18 GMT Transfer-Encoding: - chunked status: 
@@ -1046,12 +1046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:27.355+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:18.709+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 21086398-ec1c-4c52-b133-424227019d46 + - 2d63bea7-a335-44c7-af46-59d4737c6d43 Atl-Traceid: - - 21086398ec1c4c52b133424227019d46 + - 2d63bea7a33544c7af4659d4737c6d43 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1061,7 +1061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:27 GMT + - Sat, 24 May 2025 10:35:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1071,7 +1071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=203,atl-edge;dur=170,atl-edge-internal;dur=18,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="wjN549vzxqFiTaCbJDR5arrqmGlV5yeUX6zIQs22vJMaEIJtEkhAIw==",cdn-downstream-fbl;dur=207 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=131,atl-edge;dur=124,atl-edge-internal;dur=17,atl-edge-upstream;dur=107,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tKgsk6NnFkOYAGe5ec06dOY3Hr_HNlpJSynlRDApNK-V8bAofeC7sQ==",cdn-downstream-fbl;dur=135 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1081,15 +1081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aa3674a12327640af71c59263be8ffc6.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wjN549vzxqFiTaCbJDR5arrqmGlV5yeUX6zIQs22vJMaEIJtEkhAIw== + - tKgsk6NnFkOYAGe5ec06dOY3Hr_HNlpJSynlRDApNK-V8bAofeC7sQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 37a4eb5cae6828df939fb23d15689fe1 + - e9b3353c5cadc0a3086b5c085791135a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1115,19 +1115,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18275 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19701 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18275","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275","key":"NTEST-1890","fields":{"statuscategorychangedate":"2025-04-30T18:28:22.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19701","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701","key":"NTEST-3029","fields":{"statuscategorychangedate":"2025-05-24T12:35:15.518+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:22.649+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00taf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:22.733+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:15.204+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010o7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:15.280+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1135,14 +1135,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 0b863474-e1a6-4198-bcfa-241eed94b80c + - f9418792-8ed2-46c8-8ba1-7534cae51197 Atl-Traceid: - - 0b863474e1a64198bcfa241eed94b80c + - f94187928ed246c88ba17534cae51197 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1152,7 +1152,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:27 GMT + - Sat, 24 May 2025 10:35:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
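Review bot: The response body recorded in this hunk keeps a real user's Jira `accountId`, `emailAddress` and `displayName` in the `creator` and `reporter` objects, and the same account id recurs in the `X-Aaccountid` response header in the header hunks that follow. The request side looks scrubbed already (the webhook echo earlier in the cassette shows `Token xxx`), so the response side should be scrubbed before the recording is committed. If the recorder is vcrpy, which the cassette layout suggests, a `before_record_response` hook could rewrite these fields to a constructed placeholder such as `"emailAddress": "jira-user@example.invalid"`. A fixed placeholder would also stop every re-recording from changing these lines depending on who ran the tests. The cassette entry this hunk belongs to starts and ends outside the hunk.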
@@ -1162,7 +1162,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=31,cdn-upstream-fbl;dur=391,atl-edge;dur=262,atl-edge-internal;dur=18,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="rY8o1-pAxwhqxprY0SM1UvgEprF8NbdJ5Qzx5gugmUoFm5LhHGDQ2Q==",cdn-downstream-fbl;dur=396 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=217,atl-edge;dur=210,atl-edge-internal;dur=16,atl-edge-upstream;dur=194,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="nqr5soUQiuXh8N55ixo-fq0KXgqh3DtS4SXlag3srWQ4hdOodKtDpA==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1172,15 +1172,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1b7fa09f50c08a88d619f90eef5ee94a.cloudfront.net (CloudFront) + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - rY8o1-pAxwhqxprY0SM1UvgEprF8NbdJ5Qzx5gugmUoFm5LhHGDQ2Q== + - nqr5soUQiuXh8N55ixo-fq0KXgqh3DtS4SXlag3srWQ4hdOodKtDpA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 19586b30b0821206328d65110c91578b + - f14b871db6843970dc724f06890a9b0d X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1218,9 +1218,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 26fe5216-e8c4-446d-ba3b-c930858fe497 + - c0d6a111-4bbb-4084-8143-9f1503161722 Atl-Traceid: - - 26fe5216e8c4446dba3bc930858fe497 + - c0d6a1114bbb408481439f1503161722 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1230,7 +1230,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:28 GMT + - Sat, 24 May 2025 10:35:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1240,7 +1240,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="IULU9fj4K9iTe6JXQiUWN_xMsLuT_RUyiIl3uZv_MUhwttJKFGkNzA==",cdn-downstream-fbl;dur=395,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=71,cdn-upstream-fbl;dur=392,atl-edge;dur=298,atl-edge-internal;dur=17,atl-edge-upstream;dur=281,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=291,atl-edge-internal;dur=16,atl-edge-upstream;dur=274,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="lsKWbRJ5uyXE4gzXnbb76rPbGOL55WWTmoDJF35e7pCOvzwblF0xqA==",cdn-downstream-fbl;dur=302 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1250,18 +1250,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9832e15ad117dafc81b031983cbde91e.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IULU9fj4K9iTe6JXQiUWN_xMsLuT_RUyiIl3uZv_MUhwttJKFGkNzA== + - lsKWbRJ5uyXE4gzXnbb76rPbGOL55WWTmoDJF35e7pCOvzwblF0xqA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - c821340f856466b17869156f3747f939 + - e3b3c6b8ff4e6fa90310ee1701c9c92c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1274,11 +1274,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1296,21 +1296,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1336' + - '1337' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18275 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19701 response: body: string: '' headers: Atl-Request-Id: - - ec3addd0-06fa-4125-a7aa-4b81cc5ebb5d + - 974eca1b-6afa-40c8-972d-0da02c520b5e Atl-Traceid: - - ec3addd006fa4125a7aa4b81cc5ebb5d + - 974eca1b6afa40c8972d0da02c520b5e Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1318,7 +1318,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:29 GMT + - Sat, 24 May 2025 10:35:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1328,7 +1328,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="m11sQlF8-TKnHTMHTnCzeMwpAgRREYF82sPnBvtUxkxgLzu7ln7O8Q==",cdn-downstream-fbl;dur=651,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=648,atl-edge;dur=570,atl-edge-internal;dur=18,atl-edge-upstream;dur=552,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=521,atl-edge;dur=513,atl-edge-internal;dur=15,atl-edge-upstream;dur=498,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TgHlvRkxeaqb0op0UIpS9Yg6Mq8wQDAch9ja3Nkm6XMpVkW7e3XKZQ==",cdn-downstream-fbl;dur=526 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1336,15 +1336,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 087e16218fcf1ccb7472a2c9f6a4cbe2.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - m11sQlF8-TKnHTMHTnCzeMwpAgRREYF82sPnBvtUxkxgLzu7ln7O8Q== + - TgHlvRkxeaqb0op0UIpS9Yg6Mq8wQDAch9ja3Nkm6XMpVkW7e3XKZQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 6b8acb7c3796072de6343f3b2d14f862 + - 98f69336048a542cb3f957e62e94f96c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,19 +1370,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18275 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19701 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18275","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275","key":"NTEST-1890","fields":{"statuscategorychangedate":"2025-04-30T18:28:22.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19701","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701","key":"NTEST-3029","fields":{"statuscategorychangedate":"2025-05-24T12:35:15.518+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:22.649+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00taf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:29.077+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:15.204+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010o7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:19.789+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1390,14 +1390,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 2be7658a-04dd-430c-b374-3e0fbb000a00 + - 56578f90-2424-45e9-b07d-2e58f26289aa Atl-Traceid: - - 2be7658a04dd430cb3743e0fbb000a00 + - 56578f90242445e9b07d2e58f26289aa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1407,7 +1407,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:29 GMT + - Sat, 24 May 2025 10:35:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1417,7 +1417,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=264,atl-edge-internal;dur=14,atl-edge-upstream;dur=250,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="IpD9uY7inREVRqFNCApIr7QY8Yk1eaVpmNoSP7fqtAZCQZypTUqKSA==",cdn-downstream-fbl;dur=302 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=248,atl-edge;dur=220,atl-edge-internal;dur=16,atl-edge-upstream;dur=204,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="140BWPKS2RVUKMlmEEgi1RhgyOoTrIEzP-vwVpkmzWN_2QEy8wH0rw==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1427,15 +1427,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IpD9uY7inREVRqFNCApIr7QY8Yk1eaVpmNoSP7fqtAZCQZypTUqKSA== + - 140BWPKS2RVUKMlmEEgi1RhgyOoTrIEzP-vwVpkmzWN_2QEy8wH0rw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - dca7a325f174db191d24a88c0cc5ff32 + - cbffed6eaa28cb72ef5798b5f63f909a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1464,12 +1464,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:30.284+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:20.552+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 34b8ac81-d8d8-424a-ba9d-19bbd99cc641 + - 506369d7-ed52-45ce-946a-152e018553fa Atl-Traceid: - - 34b8ac81d8d8424aba9d19bbd99cc641 + - 506369d7ed5245ce946a152e018553fa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1479,7 +1479,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:30 GMT + - Sat, 24 May 2025 10:35:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1489,7 +1489,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=188,atl-edge;dur=155,atl-edge-internal;dur=12,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="aOMw6uAg1e1x3s2PI9qRQq-ea7itMltiunrrOxDbxQXDNsjORMko5w==",cdn-downstream-fbl;dur=191 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=103,atl-edge-internal;dur=14,atl-edge-upstream;dur=89,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qPV_eqkQ8HK83a76aOZBRtbs6XxBIYS4PBdWYbea3I06tC3KqoJgCw==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1499,15 +1499,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7d27498ef63e76e5a81975299a76fae4.cloudfront.net (CloudFront) + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - aOMw6uAg1e1x3s2PI9qRQq-ea7itMltiunrrOxDbxQXDNsjORMko5w== + - qPV_eqkQ8HK83a76aOZBRtbs6XxBIYS4PBdWYbea3I06tC3KqoJgCw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - ab4858e772d3785728dd8fff823cbca8 + - c5e891db85d78c27535ae518abcd37c3 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1533,19 +1533,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18275 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19701 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18275","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275","key":"NTEST-1890","fields":{"statuscategorychangedate":"2025-04-30T18:28:22.952+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19701","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701","key":"NTEST-3029","fields":{"statuscategorychangedate":"2025-05-24T12:35:15.518+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:22.649+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00taf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:29.077+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:15.204+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010o7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:19.789+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/329]\n\n*Defect - Dojo link:* http://localhost:8080/finding/329 (329)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/374]\n\n*Defect + Dojo link:* http://localhost:8080/finding/374 (374)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/120]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/129]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1553,14 +1553,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1890/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18275/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3029/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19701/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - af6c7c84-5f1b-436d-ba85-d181c11de76b + - 8c8e5c1a-3431-4fd6-b9d6-9259d2f20a0f Atl-Traceid: - - af6c7c845f1b436dba85d181c11de76b + - 8c8e5c1a34314fd6b9d69259d2f20a0f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1570,7 +1570,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:30 GMT + - Sat, 24 May 2025 10:35:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
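Review bot: The re-recorded response body in this hunk commits a real user's `emailAddress`, `accountId` and gravatar avatar hash in the `creator` and `reporter` objects. The same account id also appears in the `X-Aaccountid` response header of the later hunks (for example `@@ -1590,15` and `@@ -53,15`) and in the `@@ -279,15` body of the epic cassette. The tests presumably do not assert on these values, so they could be replaced with placeholders at record time, e.g. `"emailAddress":"user@example.invalid"` (constructed value). If the recorder is vcrpy, as the cassette layout suggests, a `before_record_response` hook in the shared VCR configuration could scrub both the body fields and that header, so future re-recordings do not reintroduce them. That configuration is not visible in this diff.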
@@ -1580,7 +1580,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=276,atl-edge;dur=243,atl-edge-internal;dur=15,atl-edge-upstream;dur=228,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="CGNj1198u-zpZDz6Zgy2TuPjO6PQyCmSci3g9oUvG0w0N9sPWpxBJQ==",cdn-downstream-fbl;dur=280 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="paVa9aNBSd1vnooM5547A3pGWHLfP8SfhLjUKxkM7Xj3qrBLeQ80WQ==",cdn-downstream-fbl;dur=215,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=212,atl-edge;dur=184,atl-edge-internal;dur=17,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1590,15 +1590,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - CGNj1198u-zpZDz6Zgy2TuPjO6PQyCmSci3g9oUvG0w0N9sPWpxBJQ== + - paVa9aNBSd1vnooM5547A3pGWHLfP8SfhLjUKxkM7Xj3qrBLeQ80WQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 27fec07f0ed6664df3fc2fa24940a2ad + - 73d92daa956ec649d2ceb04bbda8335d X-Cache: - Miss from cloudfront X-Content-Type-Options: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml index 96303fa7c9d..0421f465f30 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_epic_as_issue_type.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:31.070+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:21.113+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - aafe79da-5460-457e-9564-df053c6db2f0 + - 9f45fad5-399d-42cc-abdc-2f31eadb1321 Atl-Traceid: - - aafe79da5460457e9564df053c6db2f0 + - 9f45fad5399d42ccabdc2f31eadb1321 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:31 GMT + - Sat, 24 May 2025 10:35:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="6yGqPQuaqG0DZ2wRPZXxgAQc6XH08Abdp-w1pW0x2mN0sZNCy_SvHw==",cdn-downstream-fbl;dur=231,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=229,atl-edge;dur=155,atl-edge-internal;dur=13,atl-edge-upstream;dur=142,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=116,atl-edge;dur=108,atl-edge-internal;dur=15,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="--gMHZWRUK3JxCKOmKCJG2u1wq6e24sg4j4rwhca86hvBVezpfCRhQ==",cdn-downstream-fbl;dur=119 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d71affbaf22baf23eab459f3d2ee77a.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6yGqPQuaqG0DZ2wRPZXxgAQc6XH08Abdp-w1pW0x2mN0sZNCy_SvHw== + - --gMHZWRUK3JxCKOmKCJG2u1wq6e24sg4j4rwhca86hvBVezpfCRhQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 6cee77a965f6194d67d47d7a9d40374a + - 4f373afd7f1547a5db1983fe744a4e9c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -102,9 +102,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 42e29019-7b0a-45e4-afd8-b9308cb1928f + - d6d11bdf-912c-4dcf-ae4d-7abea755fc95 Atl-Traceid: - - 42e290197b0a45e4afd8b9308cb1928f + - d6d11bdf912c4dcfae4d7abea755fc95 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -114,7 +114,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:31 GMT + - Sat, 24 May 2025 10:35:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -124,7 +124,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=287,atl-edge;dur=254,atl-edge-internal;dur=16,atl-edge-upstream;dur=238,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="-jlvkV05zqBE_tJb-54L1YwfA364URn9QDrT8DTxU-yby9cBArxW4Q==",cdn-downstream-fbl;dur=292 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=279,atl-edge;dur=272,atl-edge-internal;dur=15,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hDXQNkRw9B6JlO8HYhE8rWUvbD3EOhcLtrLzIQIGlCzL2697RRENzw==",cdn-downstream-fbl;dur=283 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -134,18 +134,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b5141080f2dac9506b5156fa7721b41c.cloudfront.net (CloudFront) + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -jlvkV05zqBE_tJb-54L1YwfA364URn9QDrT8DTxU-yby9cBArxW4Q== + - hDXQNkRw9B6JlO8HYhE8rWUvbD3EOhcLtrLzIQIGlCzL2697RRENzw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 6413aa331c9f0d26937b569280e4a9de + - e9f4299c69125e8c396a378a0e8cf0cf X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -158,11 +158,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Epic"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/331]\n\n*Defect - Dojo link:* http://localhost:8080/finding/331 (331)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/376]\n\n*Defect + Dojo link:* http://localhost:8080/finding/376 (376)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/130]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -181,7 +181,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1380' + - '1381' Content-Type: - application/json User-Agent: 
@@ -190,12 +190,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18279","key":"NTEST-1892","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18279"}' + string: '{"id":"19703","key":"NTEST-3031","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19703"}' headers: Atl-Request-Id: - - 3c4f315d-0a57-46b6-894c-2f2b8b17cd21 + - 97968293-a2df-4cb8-8574-e715f09df776 Atl-Traceid: - - 3c4f315d0a5746b6894c2f2b8b17cd21 + - 97968293a2df4cb88574e715f09df776 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -203,7 +203,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:32 GMT + - Sat, 24 May 2025 10:35:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -213,7 +213,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="1-RU1G7fA8P5mImwxFOx5U_rwHHmEuSkP03Ru4SKlAPmzLKajB-0bg==",cdn-downstream-fbl;dur=835,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=831,atl-edge;dur=745,atl-edge-internal;dur=16,atl-edge-upstream;dur=730,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=717,atl-edge;dur=709,atl-edge-internal;dur=15,atl-edge-upstream;dur=694,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TRhQJ5MmwN3FOVxOjXwVb4l-CBLmdf6cUQLAOg_17JXGkyS9txDqag==",cdn-downstream-fbl;dur=720 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -223,15 +223,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 452324c4cfd54555e3a2d8c074edaf78.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 1-RU1G7fA8P5mImwxFOx5U_rwHHmEuSkP03Ru4SKlAPmzLKajB-0bg== + - TRhQJ5MmwN3FOVxOjXwVb4l-CBLmdf6cUQLAOg_17JXGkyS9txDqag== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - f3ecfc4815afa3dbb4361711bfce3c89 + - 4a03f69b038131bedf07da5f3c1b1778 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -257,20 +257,20 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1892 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3031 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18279","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18279","key":"NTEST-1892","fields":{"statuscategorychangedate":"2025-04-30T18:28:32.412+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19703","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19703","key":"NTEST-3031","fields":{"statuscategorychangedate":"2025-05-24T12:35:22.216+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1892/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:28:32.085+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"purple","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tav:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:32.216+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3031/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:35:21.873+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"dark_blue","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010on:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:21.975+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/331]\n\n*Defect - Dojo link:* http://localhost:8080/finding/331 (331)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/376]\n\n*Defect + Dojo link:* http://localhost:8080/finding/376 (376)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/130]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -279,15 +279,15 @@ interactions: for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10011":"Zap1: Cookie Without Secure Flag","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - Do","id":"10016"},"customfield_10013":"ghx-label-7","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1892/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18279/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-4","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap1: + Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3031/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19703/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
bfde8bce-3c4f-4f93-8fcc-fe12f253d6b1 + - 8040837e-0861-4d25-a2e5-36a519ff04ac Atl-Traceid: - - bfde8bce3c4f4f938fccfe12f253d6b1 + - 8040837e08614d25a2e536a519ff04ac Cache-Control: - no-cache, no-store, no-transform Connection: @@ -297,7 +297,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:32 GMT + - Sat, 24 May 2025 10:35:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -307,7 +307,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=270,atl-edge-internal;dur=17,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0y7YuHB4F-9wWQPqRy4taUkOy0TV4bMqHOC9LV68sYanPY5usIWo1w==",cdn-downstream-fbl;dur=306 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=217,atl-edge;dur=210,atl-edge-internal;dur=15,atl-edge-upstream;dur=195,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="bbydcH5zPzHhvvFTIMUez4_6Ff8gZleWXVl2PxyYeihGjVqdpz313w==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -317,15 +317,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5ea7f8bcbac3004590a821cdd0466e1c.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0y7YuHB4F-9wWQPqRy4taUkOy0TV4bMqHOC9LV68sYanPY5usIWo1w== + - bbydcH5zPzHhvvFTIMUez4_6Ff8gZleWXVl2PxyYeihGjVqdpz313w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - a81fead0ece54db477daa9ab42d0b08c + - 5c62a79734cc90ef77cb60e0dd744dc2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -351,20 +351,20 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18279 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19703 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18279","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18279","key":"NTEST-1892","fields":{"statuscategorychangedate":"2025-04-30T18:28:32.412+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19703","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19703","key":"NTEST-3031","fields":{"statuscategorychangedate":"2025-05-24T12:35:22.216+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1892/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:28:32.085+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"purple","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tav:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:32.216+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3031/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:35:21.873+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"dark_blue","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010on:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:21.975+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/331]\n\n*Defect - Dojo link:* http://localhost:8080/finding/331 (331)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/376]\n\n*Defect + Dojo link:* http://localhost:8080/finding/376 (376)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/130]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -373,15 +373,15 @@ interactions: for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10011":"Zap1: Cookie Without Secure Flag","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - Do","id":"10016"},"customfield_10013":"ghx-label-7","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1892/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18279/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-4","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap1: + Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3031/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19703/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
aec2a5b0-e095-465b-8128-fb5f239bb31d + - de39b29c-e591-4099-9a25-388d477ce9f7 Atl-Traceid: - - aec2a5b0e095465b8128fb5f239bb31d + - de39b29ce59140999a25388d477ce9f7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -391,7 +391,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:33 GMT + - Sat, 24 May 2025 10:35:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -401,7 +401,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Lf-RyF7zhgdPjdToRxXaXlR3Pa_HwG8DaZwJSidUS1bQ-oIvY5OWKw==",cdn-downstream-fbl;dur=359,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=357,atl-edge;dur=268,atl-edge-internal;dur=19,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=199,atl-edge;dur=190,atl-edge-internal;dur=17,atl-edge-upstream;dur=171,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xE1_1-j5p4jJbWVqScJvAecKyX86h_ev3EqtCJoDnL5NIJx9KJqoQA==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -411,15 +411,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Lf-RyF7zhgdPjdToRxXaXlR3Pa_HwG8DaZwJSidUS1bQ-oIvY5OWKw== + - xE1_1-j5p4jJbWVqScJvAecKyX86h_ev3EqtCJoDnL5NIJx9KJqoQA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 6e727b6ba762432b4aac7f068fa6b697 + - 5173451a2885ca4b01a4204de544dd13 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
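Review bot: The re-recorded issue response in the `@@ -373,15 +373,15 @@` hunk commits the recording user's `emailAddress`, `displayName` and `accountId` under both `creator` and `reporter`, and the `X-Aaccountid` response header in the neighbouring header hunks carries the same account id. Nothing visible here suggests the tests assert on these values, so they would be better scrubbed at record time than left to whoever re-records next. Assuming these cassettes are written by vcrpy, a `before_record_response` hook could rewrite the fields to fixed placeholders such as `"emailAddress":"redacted@example.invalid"` (constructed value) and drop `X-Aaccountid`. That also removes most of the per-recording churn seen in this diff, where every hunk swaps one person's identifiers for another's. The same block repeats in the other issue GET responses in this file, for example the `NTEST-3032` one further down.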
@@ -448,12 +448,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:33.829+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:23.063+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 9fdd9ea2-17c9-44e8-8a65-7484c13f6b2d + - 72a1fe99-efcc-4af1-a482-3333aebddbbc Atl-Traceid: - - 9fdd9ea217c944e88a657484c13f6b2d + - 72a1fe99efcc4af1a4823333aebddbbc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -463,7 +463,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:33 GMT + - Sat, 24 May 2025 10:35:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -473,7 +473,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="5BugPBxoS4frxVs7iUNxvFYHw2Le41ltk0TPHbPY7svzw9b0JW5BMg==",cdn-downstream-fbl;dur=246,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=244,atl-edge;dur=159,atl-edge-internal;dur=14,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=112,atl-edge;dur=105,atl-edge-internal;dur=14,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GjCjlza7-X3mW9DVIWhX2lRxFhaz0NP1rUOJTz2qSgGHGZllmL4l-Q==",cdn-downstream-fbl;dur=117 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -483,15 +483,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48f2e5da4dd7651bfa3bfd0054610cf4.cloudfront.net (CloudFront) + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 5BugPBxoS4frxVs7iUNxvFYHw2Le41ltk0TPHbPY7svzw9b0JW5BMg== + - GjCjlza7-X3mW9DVIWhX2lRxFhaz0NP1rUOJTz2qSgGHGZllmL4l-Q== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - c1a9d0dff5cb3e278a1c4e91357b3e79 + - 03c44e24547d4007185dbfef2b0bc196 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -532,9 +532,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 9ff3fabe-0008-410b-82dc-2834ebbde811 + - 028b5682-f3aa-4bb9-b9a3-9ce51121fdda Atl-Traceid: - - 9ff3fabe0008410b82dc2834ebbde811 + - 028b5682f3aa4bb9b9a39ce51121fdda Cache-Control: - no-cache, no-store, no-transform Connection: @@ -544,7 +544,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:34 GMT + - Sat, 24 May 2025 10:35:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -554,7 +554,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="jJFPpr10iA9f1L69XebJMfmlYolNKmH0d_Uq1kSg_WLk1oGpBNYn_A==",cdn-downstream-fbl;dur=397,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=101,cdn-upstream-fbl;dur=394,atl-edge;dur=257,atl-edge-internal;dur=18,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=273,atl-edge-internal;dur=16,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="v9cDiBEyDWYU5XY3iiDqghS0Df__IQsC9L5yxNP6FkNTQ2V7mTkvEQ==",cdn-downstream-fbl;dur=284 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -564,18 +564,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a65725dd05dc27eea7ae75a2e122228e.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jJFPpr10iA9f1L69XebJMfmlYolNKmH0d_Uq1kSg_WLk1oGpBNYn_A== + - v9cDiBEyDWYU5XY3iiDqghS0Df__IQsC9L5yxNP6FkNTQ2V7mTkvEQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 0513450174a52dcde1221024c2cafefe + - 1118adcbc5161f94728800c3c3603557 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -588,11 +588,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Epic"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/332]\n\n*Defect - Dojo link:* http://localhost:8080/finding/332 (332)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/377]\n\n*Defect + Dojo link:* http://localhost:8080/finding/377 (377)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/130]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -611,7 +611,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1380' + - '1381' Content-Type: - application/json User-Agent: 
@@ -620,12 +620,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18281","key":"NTEST-1893","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18281"}' + string: '{"id":"19704","key":"NTEST-3032","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19704"}' headers: Atl-Request-Id: - - 1788d899-7cb6-4a29-82a8-4963ac0a932a + - 9edbf6e6-1c81-45a5-964d-e9efb239482b Atl-Traceid: - - 1788d8997cb64a2982a84963ac0a932a + - 9edbf6e61c8145a5964de9efb239482b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -633,7 +633,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:35 GMT + - Sat, 24 May 2025 10:35:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -643,7 +643,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=750,atl-edge;dur=717,atl-edge-internal;dur=14,atl-edge-upstream;dur=703,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="aNEpnh-QrzCxPryEvy2_l_x-zHqSSgQ_jj9Xv8pFtu1xMOZ99cKUUg==",cdn-downstream-fbl;dur=755 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=688,atl-edge;dur=681,atl-edge-internal;dur=15,atl-edge-upstream;dur=666,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ypbwseIHGZu_xIUfj9l9GWJL_SUyvgq9vDa5iLThdnXGh1BUVX9cZw==",cdn-downstream-fbl;dur=692 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -653,15 +653,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - aNEpnh-QrzCxPryEvy2_l_x-zHqSSgQ_jj9Xv8pFtu1xMOZ99cKUUg== + - ypbwseIHGZu_xIUfj9l9GWJL_SUyvgq9vDa5iLThdnXGh1BUVX9cZw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - b2231863ec4c01795c45ba0f6b614127 + - cbc021e9fe5678f89b76a75f1e529c81 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -687,20 +687,20 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1893 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3032 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18281","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18281","key":"NTEST-1893","fields":{"statuscategorychangedate":"2025-04-30T18:28:35.157+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19704","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19704","key":"NTEST-3032","fields":{"statuscategorychangedate":"2025-05-24T12:35:24.142+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1893/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:28:34.855+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"grey","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tb3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:34.964+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3032/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:35:23.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"green","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ov:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:23.929+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/332]\n\n*Defect - Dojo link:* http://localhost:8080/finding/332 (332)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/377]\n\n*Defect + Dojo link:* http://localhost:8080/finding/377 (377)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/130]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -709,15 +709,15 @@ interactions: for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10011":"Zap2: Cookie Without Secure Flag","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - Do","id":"10016"},"customfield_10013":"ghx-label-12","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1893/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18281/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-6","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap2: + Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3032/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19704/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
1e082183-d900-44ff-b4e7-6a99a351f543 + - 02a17cff-05e2-492c-95a4-dcd6cfe359ea Atl-Traceid: - - 1e082183d90044ffb4e76a99a351f543 + - 02a17cff05e2492c95a4dcd6cfe359ea Cache-Control: - no-cache, no-store, no-transform Connection: @@ -727,7 +727,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:35 GMT + - Sat, 24 May 2025 10:35:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -737,7 +737,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="KikHThxoPO-1VMkYMXLxkF5UjQjFVOt8vsHj1hmYmysU3SrtLOkOvg==",cdn-downstream-fbl;dur=357,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=354,atl-edge;dur=267,atl-edge-internal;dur=15,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=231,atl-edge;dur=223,atl-edge-internal;dur=19,atl-edge-upstream;dur=205,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="isHRVI1JSOKuh7YjT8yr6j19EspLCBKjfntcoL4uOxTTzXu9Ld58gw==",cdn-downstream-fbl;dur=234 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -747,15 +747,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9a3eef6ee6df44793fb3d5e366a7238.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KikHThxoPO-1VMkYMXLxkF5UjQjFVOt8vsHj1hmYmysU3SrtLOkOvg== + - isHRVI1JSOKuh7YjT8yr6j19EspLCBKjfntcoL4uOxTTzXu9Ld58gw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 364bb5bb767d761153775d5d99a91369 + - 6d607704b6977c9477944215493fda3c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
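Review bot: The re-recorded response body in the `@@ -709,15` hunk stores a real `emailAddress`, Atlassian `accountId` and gravatar hash in the cassette, and the `X-Aaccountid` header in the `@@ -747,15` hunk repeats the account id. The `@@ -803,15` and `@@ -841,15` hunks carry the same values. The removed lines held the previous recorder's identifiers, so this is an existing practice carried forward rather than something new, but each re-record adds another person's details to the repository history. The webhook echo further down already shows the Authorization value scrubbed to `Token xxx`, so it looks like a scrubbing step exists and could be extended to these fields. If the cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites `emailAddress`, `accountId`, `avatarUrls` and `X-Aaccountid` to fixed placeholders would also make future re-records produce much smaller diffs.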
@@ -781,20 +781,20 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18281 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19704 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18281","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18281","key":"NTEST-1893","fields":{"statuscategorychangedate":"2025-04-30T18:28:35.157+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19704","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19704","key":"NTEST-3032","fields":{"statuscategorychangedate":"2025-05-24T12:35:24.142+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10000","id":"10000","description":"A big user story that needs to be broken down. 
Created by Jira Software - do not edit or delete.","iconUrl":"https://defectdojo.atlassian.net/images/icons/issuetypes/epic.svg","name":"Epic","subtask":false,"hierarchyLevel":1},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"fixVersions":[],"customfield_10033":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1893/watchers","watchCount":1,"isWatching":true},"created":"2025-04-30T18:28:34.855+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"grey","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tb3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:34.964+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"aggregatetimespent":null,"resolution":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"lastViewed":null,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3032/watchers","watchCount":1,"isWatching":true},"created":"2025-05-24T12:35:23.801+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"customfield_10023":null,"labels":[],"customfield_10026":null,"customfield_10016":null,"customfield_10017":"green","customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010ov:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:23.929+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/332]\n\n*Defect - Dojo link:* http://localhost:8080/finding/332 (332)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/377]\n\n*Defect + Dojo link:* http://localhost:8080/finding/377 (377)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/121]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/130]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -803,15 +803,15 @@ interactions: for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10011":"Zap2: Cookie Without Secure Flag","customfield_10056":null,"customfield_10012":{"self":"https://defectdojo.atlassian.net/rest/api/2/customFieldOption/10016","value":"To - Do","id":"10016"},"customfield_10013":"ghx-label-12","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1893/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18281/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + 
Do","id":"10016"},"customfield_10013":"ghx-label-6","customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10049":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"aggregatetimeestimate":null,"attachment":[],"customfield_10009":null,"summary":"Zap2: + Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + 
Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10047":null,"customfield_10003":null,"customfield_10048":null,"customfield_10004":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3032/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19704/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 
62bc0e50-2109-441f-9272-18f311c3b564 + - 74b5b767-6253-4ab9-aa97-1af56216ba26 Atl-Traceid: - - 62bc0e502109441f927218f311c3b564 + - 74b5b76762534ab9aa971af56216ba26 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -821,7 +821,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:36 GMT + - Sat, 24 May 2025 10:35:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -831,7 +831,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=240,atl-edge-internal;dur=15,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="WjR853BifEHGZ_WoZ2yUHUynZtxjPM4xLY7XQj-c2WwVM4WJ140euA==",cdn-downstream-fbl;dur=278 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dt48JrZ8QKYJoQfoXZCeR7z92x4T_5bmWBucYYtqULHBM7CoaKAbrg==",cdn-downstream-fbl;dur=217,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=214,atl-edge;dur=206,atl-edge-internal;dur=14,atl-edge-upstream;dur=192,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -841,15 +841,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - WjR853BifEHGZ_WoZ2yUHUynZtxjPM4xLY7XQj-c2WwVM4WJ140euA== + - dt48JrZ8QKYJoQfoXZCeR7z92x4T_5bmWBucYYtqULHBM7CoaKAbrg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 43719126ec8130ab1de6c1b2f01672fa + - 5d6940fb190f007687725c9a3c82861b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -862,14 +862,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/", + "http://localhost:8080/test/130", "url_api": "http://localhost:8080/api/v2/tests/130/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 121, "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/"}}' + 130, "url_ui": "http://localhost:8080/test/130", "url_api": "http://localhost:8080/api/v2/tests/130/"}}' headers: Accept: - application/json @@ -884,7 +884,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -898,13 +898,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:51418\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33142\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/121/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/130\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/130/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -912,8 +912,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 121, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/121/\\\"}}\",\n \"files\": + null, \\\"id\\\": 130, \\\"url_ui\\\": \\\"http://localhost:8080/test/130\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/130/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -923,11 +923,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 121,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n - \ \"url_ui\": \"http://localhost:8080/test/121\"\n },\n \"title\": + 130,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/130/\",\n + \ \"url_ui\": \"http://localhost:8080/test/130\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n \"url_ui\": - \"http://localhost:8080/test/121\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/130/\",\n \"url_ui\": + \"http://localhost:8080/test/130\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -936,7 +936,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:36 GMT + - Sat, 24 May 2025 10:35:24 GMT Transfer-Encoding: - chunked status: 
@@ -945,19 +945,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/", + "url_ui": "http://localhost:8080/test/130", "url_api": "http://localhost:8080/api/v2/tests/130/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 121, "url_ui": "http://localhost:8080/test/121", "url_api": "http://localhost:8080/api/v2/tests/121/"}, - "finding_count": 2, "findings": {"new": [{"id": 331, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/331", - "url_api": "http://localhost:8080/api/v2/findings/331/"}, {"id": 332, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/332", - "url_api": "http://localhost:8080/api/v2/findings/332/"}], "reactivated": [], + 130, "url_ui": "http://localhost:8080/test/130", "url_api": "http://localhost:8080/api/v2/tests/130/"}, + "finding_count": 2, "findings": {"new": [{"id": 376, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/376", + "url_api": "http://localhost:8080/api/v2/findings/376/"}, {"id": 377, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/377", + "url_api": "http://localhost:8080/api/v2/findings/377/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -973,7 +973,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -987,51 +987,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:51426\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33150\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/121/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/130\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/130/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 121, \\\"url_ui\\\": \\\"http://localhost:8080/test/121\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/121/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 331, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 130, \\\"url_ui\\\": \\\"http://localhost:8080/test/130\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/130/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 376, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/331\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/331/\\\"}, - {\\\"id\\\": 332, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/332\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/332/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/376\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/376/\\\"}, + {\\\"id\\\": 377, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/377\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/377/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 331,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/331/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/331\"\n },\n - \ {\n \"id\": 332,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/332/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/332\"\n }\n ],\n + \ \"id\": 376,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/376/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/376\"\n },\n + \ {\n \"id\": 377,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/377/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/377\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 121,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n - \ \"url_ui\": \"http://localhost:8080/test/121\"\n },\n \"title\": + 130,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/130/\",\n + \ \"url_ui\": \"http://localhost:8080/test/130\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/121/\",\n - \ \"url_ui\": \"http://localhost:8080/test/121\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/130/\",\n + \ \"url_ui\": \"http://localhost:8080/test/130\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1041,7 +1041,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:36 GMT + - Sat, 24 May 2025 10:35:24 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false.yaml index 3e771a608e0..3abcfc3fc2b 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/", + "http://localhost:8080/test/131", "url_api": "http://localhost:8080/api/v2/tests/131/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 122, "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/"}}' + 131, "url_ui": "http://localhost:8080/test/131", "url_api": "http://localhost:8080/api/v2/tests/131/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:51440\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33152\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/122/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/131\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/131/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 122, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/122/\\\"}}\",\n \"files\": + null, \\\"id\\\": 131, \\\"url_ui\\\": \\\"http://localhost:8080/test/131\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/131/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 122,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n - \ \"url_ui\": \"http://localhost:8080/test/122\"\n },\n \"title\": + 131,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/131/\",\n + \ \"url_ui\": \"http://localhost:8080/test/131\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n \"url_ui\": - \"http://localhost:8080/test/122\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/131/\",\n \"url_ui\": + \"http://localhost:8080/test/131\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:36 GMT + - Sat, 24 May 2025 10:35:24 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/", + "url_ui": "http://localhost:8080/test/131", "url_api": "http://localhost:8080/api/v2/tests/131/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 122, "url_ui": "http://localhost:8080/test/122", "url_api": "http://localhost:8080/api/v2/tests/122/"}, - "finding_count": 2, "findings": {"new": [{"id": 333, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/333", - "url_api": "http://localhost:8080/api/v2/findings/333/"}, {"id": 334, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/334", - "url_api": "http://localhost:8080/api/v2/findings/334/"}], "reactivated": [], + 131, "url_ui": "http://localhost:8080/test/131", "url_api": "http://localhost:8080/api/v2/tests/131/"}, + "finding_count": 2, "findings": {"new": [{"id": 378, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/378", + "url_api": "http://localhost:8080/api/v2/findings/378/"}, {"id": 379, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/379", + "url_api": "http://localhost:8080/api/v2/findings/379/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:51456\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33156\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/122/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/131\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/131/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 122, \\\"url_ui\\\": \\\"http://localhost:8080/test/122\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/122/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 333, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 131, \\\"url_ui\\\": \\\"http://localhost:8080/test/131\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/131/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 378, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/333\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/333/\\\"}, - {\\\"id\\\": 334, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/334\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/334/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/378\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/378/\\\"}, + {\\\"id\\\": 379, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/379\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/379/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 333,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/333/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/333\"\n },\n - \ {\n \"id\": 334,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/334/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/334\"\n }\n ],\n + \ \"id\": 378,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/378/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/378\"\n },\n + \ {\n \"id\": 379,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/379/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/379\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 122,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n - \ \"url_ui\": \"http://localhost:8080/test/122\"\n },\n \"title\": + 131,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/131/\",\n + \ \"url_ui\": \"http://localhost:8080/test/131\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/122/\",\n - \ \"url_ui\": \"http://localhost:8080/test/122\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/131/\",\n + \ \"url_ui\": \"http://localhost:8080/test/131\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -181,7 +181,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:36 GMT + - Sat, 24 May 2025 10:35:24 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml index 139493fe1f5..12b39b606d3 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_is_false_but_push_all.yaml @@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:36.874+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:25.369+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d992a220-1d86-4935-9a52-6e1cc51414ae + - bda4801f-3d0e-485e-9de5-f58fbb5635ff Atl-Traceid: - - d992a2201d8649359a526e1cc51414ae + - bda4801f3d0e485e9de5f58fbb5635ff Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:36 GMT + - Sat, 24 May 2025 10:35:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="Blr8fZuM5AxqAJFa_9DTseCKHJrqoZrJmGl5FU9G3oD9Q0K3cduvEg==",cdn-downstream-fbl;dur=250,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=68,cdn-upstream-fbl;dur=247,atl-edge;dur=155,atl-edge-internal;dur=15,atl-edge-upstream;dur=140,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=169,atl-edge;dur=162,atl-edge-internal;dur=15,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Bfgf_HHsVeic9QzUVDYj87qgJlWYkCsLpT7T4osEiw0u3-CChIi74g==",cdn-downstream-fbl;dur=173 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 57f0537bdb26692a5be92bbbe93e4ea2.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Blr8fZuM5AxqAJFa_9DTseCKHJrqoZrJmGl5FU9G3oD9Q0K3cduvEg== + - Bfgf_HHsVeic9QzUVDYj87qgJlWYkCsLpT7T4osEiw0u3-CChIi74g== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 742652b39844b9bf07cae1d0dcc7d80c + - 1f76e4c72a55fe2519b32307da19b107 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
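Review bot: The re-recorded response headers in the `@@ -53,15 +53,15 @@` hunk commit `X-Aaccountid: 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5`, which looks like the Atlassian account identifier of whoever ran the recording, next to per-request values such as `X-Amz-Cf-Id` and `Via`. The same header recurs in the `@@ -131,18 +131,18 @@` and `@@ -219,15 +219,15 @@` hunks of this cassette. vcrpy's `filter_headers` only covers request headers, so I would scrub these in a `before_record_response` hook, e.g. `response["headers"].pop("X-Aaccountid", None)`, wherever the test suite configures VCR (not visible in this diff). That keeps the account identifier out of the repository and removes most of the churn each time the cassettes are regenerated.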
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 56dc45d7-38bd-46cf-be95-c8ff565958a9 + - b5401859-605b-4f53-869c-b0aa0f758f7a Atl-Traceid: - - 56dc45d738bd46cfbe95c8ff565958a9 + - b5401859605b4f53869cb0aa0f758f7a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:37 GMT + - Sat, 24 May 2025 10:35:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="TgSjaDfdyf_V9ikthbUt0yx1jEsUBmKvAJ0Ssh-rlQk2De-Yu50VzQ==",cdn-downstream-fbl;dur=359,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=56,cdn-upstream-fbl;dur=356,atl-edge;dur=281,atl-edge-internal;dur=16,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=254,atl-edge-internal;dur=16,atl-edge-upstream;dur=239,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="bXuVRR-azyp_CQffKlrhedzTGFmpajebSKSrzgc6I4NAPoWQNm-f9A==",cdn-downstream-fbl;dur=267 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 05df0d22c8cc3d4b946b6f2dc43d6b9c.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - TgSjaDfdyf_V9ikthbUt0yx1jEsUBmKvAJ0Ssh-rlQk2De-Yu50VzQ== + - bXuVRR-azyp_CQffKlrhedzTGFmpajebSKSrzgc6I4NAPoWQNm-f9A== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 5923138c9dfb6d110617d38a9deabbeb + - 55a2cebc503bda521c3f5cd49d8037f7 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/335]\n\n*Defect - Dojo link:* http://localhost:8080/finding/335 (335)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/380]\n\n*Defect + Dojo link:* http://localhost:8080/finding/380 (380)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/123]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/132]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18283","key":"NTEST-1894","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18283"}' + string: '{"id":"19705","key":"NTEST-3033","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19705"}' headers: Atl-Request-Id: - - 39473f85-6652-4295-ad5e-c5bcde5623b1 + - b20c1f70-064b-4596-ac2c-94e11fce45eb Atl-Traceid: - - 39473f8566524295ad5ec5bcde5623b1 + - b20c1f70064b4596ac2c94e11fce45eb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:38 GMT + - Sat, 24 May 2025 10:35:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="OJ9r04HzXpDS6yUyAtNqkYqcSizAdsrHQHxlbLg4kkK5oNgYzPZUOg==",cdn-downstream-fbl;dur=807,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=77,cdn-upstream-fbl;dur=804,atl-edge;dur=704,atl-edge-internal;dur=17,atl-edge-upstream;dur=687,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=635,atl-edge;dur=627,atl-edge-internal;dur=19,atl-edge-upstream;dur=608,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ws_kkWD0NwA6U38bBEr3fJOMe_DtJeIpaimf0D20QGIMDTn5mFAt3w==",cdn-downstream-fbl;dur=639 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 16bedbdd3b6cf84254f58a51bce00b14.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - OJ9r04HzXpDS6yUyAtNqkYqcSizAdsrHQHxlbLg4kkK5oNgYzPZUOg== + - ws_kkWD0NwA6U38bBEr3fJOMe_DtJeIpaimf0D20QGIMDTn5mFAt3w== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 6d6fcf7a7fe3ea26b6c137469eaccdad + - 1512f6f2fc100e2b164dd731abb04309 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1894 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3033 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18283","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18283","key":"NTEST-1894","fields":{"statuscategorychangedate":"2025-04-30T18:28:38.430+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19705","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19705","key":"NTEST-3033","fields":{"statuscategorychangedate":"2025-05-24T12:35:26.401+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1894/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:38.144+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:38.224+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3033/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:26.133+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010p3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:26.203+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/335]\n\n*Defect - Dojo link:* http://localhost:8080/finding/335 (335)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/380]\n\n*Defect + Dojo link:* http://localhost:8080/finding/380 (380)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/123]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/132]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1894/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18283/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3033/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19705/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 8673ee58-1a10-4ebf-8685-db93b5a13df1 + - b9562b1b-903e-460f-b2ac-a843953a283c Atl-Traceid: - - 8673ee581a104ebf8685db93b5a13df1 + - b9562b1b903e460fb2aca843953a283c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:39 GMT + - Sat, 24 May 2025 10:35:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=345,atl-edge;dur=270,atl-edge-internal;dur=14,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="jBRO6liul-rb8RD30xxVb9kG45B9x_--IB-bbAjzi5ZTDeIVAPJWeQ==",cdn-downstream-fbl;dur=349 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Ur7g0kCOD-6OgubHWeu7v7oJhEIPFDPT_7fl840RzmiF9XW7hh8Bmw==",cdn-downstream-fbl;dur=270,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=18,cdn-upstream-fbl;dur=267,atl-edge;dur=240,atl-edge-internal;dur=16,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 13926aef629bc9518d9ad769185e8c4e.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - jBRO6liul-rb8RD30xxVb9kG45B9x_--IB-bbAjzi5ZTDeIVAPJWeQ== + - Ur7g0kCOD-6OgubHWeu7v7oJhEIPFDPT_7fl840RzmiF9XW7hh8Bmw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 57c5bf75de905b5700ddd72b82f5a8fe + - 56b58e1bf1cb9476d4c1c2fe08964f07 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18283 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19705 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18283","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18283","key":"NTEST-1894","fields":{"statuscategorychangedate":"2025-04-30T18:28:38.430+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19705","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19705","key":"NTEST-3033","fields":{"statuscategorychangedate":"2025-05-24T12:35:26.401+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1894/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:38.144+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:38.224+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3033/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:26.133+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010p3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:26.203+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/335]\n\n*Defect - Dojo link:* http://localhost:8080/finding/335 (335)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/380]\n\n*Defect + Dojo link:* http://localhost:8080/finding/380 (380)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/123]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/132]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1894/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18283/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3033/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19705/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - e9351a19-da5b-459b-8f98-77dc10cd58d1 + - 57512f8b-44ea-4c6c-b0f1-47da31aa1a77 Atl-Traceid: - - e9351a19da5b459b8f9877dc10cd58d1 + - 57512f8b44ea4c6cb0f147da31aa1a77 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:39 GMT + - Sat, 24 May 2025 10:35:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="gnm5_WqNM3e6PY_Pd7AiBVE8Fj6uNk_Afkbd6QRMr1swDHmSn_5IFg==",cdn-downstream-fbl;dur=327,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=325,atl-edge;dur=250,atl-edge-internal;dur=14,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=248,atl-edge;dur=241,atl-edge-internal;dur=14,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jBU7O42X_JwOuC0eU2_DlPFjNk5FnSlsu96F7kiFySpytLQJIgk0Lg==",cdn-downstream-fbl;dur=252 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 471c951325b4c2c11c6c583a1d28e92a.cloudfront.net (CloudFront) + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gnm5_WqNM3e6PY_Pd7AiBVE8Fj6uNk_Afkbd6QRMr1swDHmSn_5IFg== + - jBU7O42X_JwOuC0eU2_DlPFjNk5FnSlsu96F7kiFySpytLQJIgk0Lg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - c851f3ae4bf1cbff97296bea7267ef8b + - f2ed7ab343814c7ea1f644351f41a251 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:40.076+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:27.391+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - d149a81a-2fb9-4c51-8429-d77302726453 + - 7eda30a6-ad52-4919-a968-58a22da553dc Atl-Traceid: - - d149a81a2fb94c518429d77302726453 + - 7eda30a6ad524919a96858a22da553dc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:40 GMT + - Sat, 24 May 2025 10:35:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="KCINUVBon2DWsRLRsom_3zMXj61eCXc0mjN4SmODWvG8sm_OMGhlKg==",cdn-downstream-fbl;dur=229,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=226,atl-edge;dur=136,atl-edge-internal;dur=14,atl-edge-upstream;dur=123,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GIEZS41G-JJEVefbA8KBEklSFQgt-tBwtbbTG9akrr-Pxzh0PzPBlA==",cdn-downstream-fbl;dur=141,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=139,atl-edge;dur=110,atl-edge-internal;dur=14,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 595c26368a4c8eede29e4b5da7206efc.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KCINUVBon2DWsRLRsom_3zMXj61eCXc0mjN4SmODWvG8sm_OMGhlKg== + - GIEZS41G-JJEVefbA8KBEklSFQgt-tBwtbbTG9akrr-Pxzh0PzPBlA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b2bb2b87ce4d0bb1c9d72b02aafd49b6 + - bfcb7356b60b365a5f45291fa4845e95 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 6e23cefd-e95d-4a4c-9bfc-da53ab898516 + - 6e5fabbd-c60f-4f8c-baac-6cd6ac9f657a Atl-Traceid: - - 6e23cefde95d4a4c9bfcda53ab898516 + - 6e5fabbdc60f4f8cbaac6cd6ac9f657a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:40 GMT + - Sat, 24 May 2025 10:35:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=282,atl-edge;dur=250,atl-edge-internal;dur=13,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="_SHDrCclqBvkOyw79vj44_K6F5mQqHR3OzClEFuTfVo0xvtKkMlWyA==",cdn-downstream-fbl;dur=286 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=299,atl-edge;dur=291,atl-edge-internal;dur=16,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="rDdthL_kF8aGiZ3YPYQoBmLG1ylEaCh8JMl4nIkWCS1HmjrIh27SnA==",cdn-downstream-fbl;dur=303 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 800cba2437ee092ab9e4755c65d34a72.cloudfront.net (CloudFront) + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _SHDrCclqBvkOyw79vj44_K6F5mQqHR3OzClEFuTfVo0xvtKkMlWyA== + - rDdthL_kF8aGiZ3YPYQoBmLG1ylEaCh8JMl4nIkWCS1HmjrIh27SnA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c72451ff81e673606d1b8e0815da1c90 + - c39235742e4163e6cabd52b1afc91e1a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/336]\n\n*Defect - Dojo link:* http://localhost:8080/finding/336 (336)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/381]\n\n*Defect + Dojo link:* http://localhost:8080/finding/381 (381)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/123]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/132]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18285","key":"NTEST-1895","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18285"}' + string: '{"id":"19706","key":"NTEST-3034","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19706"}' headers: Atl-Request-Id: - - 7cb5bcd1-e1ed-423c-b241-bac57e955ab7 + - 8586dd27-367e-422d-b227-f5d09c85b657 Atl-Traceid: - - 7cb5bcd1e1ed423cb241bac57e955ab7 + - 8586dd27367e422db227f5d09c85b657 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:41 GMT + - Sat, 24 May 2025 10:35:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=741,atl-edge;dur=719,atl-edge-internal;dur=20,atl-edge-upstream;dur=700,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="dsFh0fZFXvmQMpg0NloJ9ViNKCPpDL5QUdqFPQQvOeLdel3erFjhqQ==",cdn-downstream-fbl;dur=746 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=633,atl-edge;dur=625,atl-edge-internal;dur=15,atl-edge-upstream;dur=611,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="FAmE8jPjXEqycvzTCvd9Sqb21HUtgNSI72NTsSbHP7gM0MQgsnXjwQ==",cdn-downstream-fbl;dur=637 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7b64a70fe0edcfd6cd8e281be975ea8a.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - dsFh0fZFXvmQMpg0NloJ9ViNKCPpDL5QUdqFPQQvOeLdel3erFjhqQ== + - FAmE8jPjXEqycvzTCvd9Sqb21HUtgNSI72NTsSbHP7gM0MQgsnXjwQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 0895250a73dc7fc49fc2436f896b98b7 + - 55e3654988e6361cc78c98e3bcad12e8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1895 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3034 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18285","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18285","key":"NTEST-1895","fields":{"statuscategorychangedate":"2025-04-30T18:28:41.315+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19706","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19706","key":"NTEST-3034","fields":{"statuscategorychangedate":"2025-05-24T12:35:28.434+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1895/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:41.014+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:41.090+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3034/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:28.142+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:28.211+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/336]\n\n*Defect - Dojo link:* http://localhost:8080/finding/336 (336)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/381]\n\n*Defect + Dojo link:* http://localhost:8080/finding/381 (381)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/123]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/132]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1895/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18285/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3034/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19706/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - da0ee09c-64c3-47d3-9583-66d1d7c3047f + - 3e9c94ca-da55-4a88-877a-931c29486a37 Atl-Traceid: - - da0ee09c64c347d3958366d1d7c3047f + - 3e9c94cada554a88877a931c29486a37 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:41 GMT + - Sat, 24 May 2025 10:35:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="-vKQRO6KQa3-hrfea6RauNsKvIy_pr0OKJidrQEqa3DGGjkROPUp8Q==",cdn-downstream-fbl;dur=398,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=53,cdn-upstream-fbl;dur=395,atl-edge;dur=323,atl-edge-internal;dur=16,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=216,atl-edge;dur=208,atl-edge-internal;dur=15,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="IoIWsHwvlB9iqDHTavuLSv10UkyNm6iivW6cwDZhVOZgV31gd2UQIA==",cdn-downstream-fbl;dur=219 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f6567fa2210130239a3a2c737c9517ac.cloudfront.net (CloudFront) + - 1.1 9835af751c15612a813bbc131d2ce1e6.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - -vKQRO6KQa3-hrfea6RauNsKvIy_pr0OKJidrQEqa3DGGjkROPUp8Q== + - IoIWsHwvlB9iqDHTavuLSv10UkyNm6iivW6cwDZhVOZgV31gd2UQIA== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 92d182c20fe22e49418d399f52e00c8b + - 13e418c4a04c6fdbfa8e35475f47c8b8 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18285 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19706 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18285","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18285","key":"NTEST-1895","fields":{"statuscategorychangedate":"2025-04-30T18:28:41.315+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19706","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19706","key":"NTEST-3034","fields":{"statuscategorychangedate":"2025-05-24T12:35:28.434+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1895/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:41.014+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:41.090+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3034/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:28.142+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:28.211+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/336]\n\n*Defect - Dojo link:* http://localhost:8080/finding/336 (336)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/381]\n\n*Defect + Dojo link:* http://localhost:8080/finding/381 (381)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/123]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/132]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1895/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18285/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3034/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19706/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - fb5865f3-35de-4a05-9b4e-88bcebe2ff34 + - 12124feb-1d2d-4080-887a-14f3469a1620 Atl-Traceid: - - fb5865f335de4a059b4e88bcebe2ff34 + - 12124feb1d2d4080887a14f3469a1620 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:42 GMT + - Sat, 24 May 2025 10:35:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="7dcPdecRuWgX3MNiw_u4SIDRC8WN4r7FPvnE-CufCXVRwbbGMwyaww==",cdn-downstream-fbl;dur=300,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=278,atl-edge-internal;dur=15,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=208,atl-edge;dur=201,atl-edge-internal;dur=16,atl-edge-upstream;dur=186,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qCAR0Z4flCssO-NL9VUWah9w19BmvaqJ4qLphraX2KZuLjzodokFUg==",cdn-downstream-fbl;dur=213 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c973663b623c0e82cd366d5ae7837bf4.cloudfront.net (CloudFront) + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 7dcPdecRuWgX3MNiw_u4SIDRC8WN4r7FPvnE-CufCXVRwbbGMwyaww== + - qCAR0Z4flCssO-NL9VUWah9w19BmvaqJ4qLphraX2KZuLjzodokFUg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - f4a8654b5d30aeb0be30a04c8c0dd1a7 + - f30ce9dab5b36f1640ae9c08e11c72d1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
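Review bot: The re-recorded `X-Aaccountid` header in this hunk commits the recording user's Atlassian account id (`712020%3A292a8b4c-…`) to the repository. The same id appears alongside `emailAddress` and `displayName` in the issue response bodies of this cassette, and in the `X-Aaccountid` lines of the following cassette's hunks. The echoed webhook request already shows a scrubbed `Token xxx`, so the recorder presumably has a filtering step for requests. Responses should get the same treatment, for example a vcrpy `before_record_response` hook that rewrites the header to `X-Aaccountid: - REDACTED` and blanks `emailAddress` in the body. The recorder configuration is not visible in this hunk, so where that hook belongs needs confirming against the test setup.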
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/", + "http://localhost:8080/test/132", "url_api": "http://localhost:8080/api/v2/tests/132/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 123, "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/"}}' + 132, "url_ui": "http://localhost:8080/test/132", "url_api": "http://localhost:8080/api/v2/tests/132/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:42266\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33160\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/123/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/132\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/132/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 123, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/123/\\\"}}\",\n \"files\": + null, \\\"id\\\": 132, \\\"url_ui\\\": \\\"http://localhost:8080/test/132\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/132/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 123,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n - \ \"url_ui\": \"http://localhost:8080/test/123\"\n },\n \"title\": + 132,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/132/\",\n + \ \"url_ui\": \"http://localhost:8080/test/132\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n \"url_ui\": - \"http://localhost:8080/test/123\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/132/\",\n \"url_ui\": + \"http://localhost:8080/test/132\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:42 GMT + - Sat, 24 May 2025 10:35:28 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/", + "url_ui": "http://localhost:8080/test/132", "url_api": "http://localhost:8080/api/v2/tests/132/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 123, "url_ui": "http://localhost:8080/test/123", "url_api": "http://localhost:8080/api/v2/tests/123/"}, - "finding_count": 2, "findings": {"new": [{"id": 335, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/335", - "url_api": "http://localhost:8080/api/v2/findings/335/"}, {"id": 336, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/336", - "url_api": "http://localhost:8080/api/v2/findings/336/"}], "reactivated": [], + 132, "url_ui": "http://localhost:8080/test/132", "url_api": "http://localhost:8080/api/v2/tests/132/"}, + "finding_count": 2, "findings": {"new": [{"id": 380, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/380", + "url_api": "http://localhost:8080/api/v2/findings/380/"}, {"id": 381, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/381", + "url_api": "http://localhost:8080/api/v2/findings/381/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:42272\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33168\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/123/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/132\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/132/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 123, \\\"url_ui\\\": \\\"http://localhost:8080/test/123\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/123/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 335, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 132, \\\"url_ui\\\": \\\"http://localhost:8080/test/132\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/132/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 380, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/335\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/335/\\\"}, - {\\\"id\\\": 336, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/336\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/336/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/380\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/380/\\\"}, + {\\\"id\\\": 381, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/381\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/381/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 335,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/335/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/335\"\n },\n - \ {\n \"id\": 336,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/336/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/336\"\n }\n ],\n + \ \"id\": 380,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/380/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/380\"\n },\n + \ {\n \"id\": 381,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/381/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/381\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 123,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n - \ \"url_ui\": \"http://localhost:8080/test/123\"\n },\n \"title\": + 132,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/132/\",\n + \ \"url_ui\": \"http://localhost:8080/test/132\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/123/\",\n - \ \"url_ui\": \"http://localhost:8080/test/123\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/132/\",\n + \ \"url_ui\": \"http://localhost:8080/test/132\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:42 GMT + - Sat, 24 May 2025 10:35:28 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml index d5221c5f294..d06becdedda 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_false.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:42.909+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:29.391+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 4267798e-17aa-4482-9750-d1a02157218d + - 5398b9cb-96e9-4adc-96cf-8c82e71e7a30 Atl-Traceid: - - 4267798e17aa44829750d1a02157218d + - 5398b9cb96e94adc96cf8c82e71e7a30 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:42 GMT + - Sat, 24 May 2025 10:35:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=224,atl-edge;dur=191,atl-edge-internal;dur=14,atl-edge-upstream;dur=177,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HBgdbXBBm631l1D8RKOeokADHOEoS60-042FJT5ncowoL5krupK_Hw==",cdn-downstream-fbl;dur=228 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="XcTVlqJ6Tm4ahJ7HLOeovB7zcJwTl2VUjmK5aCeyDZcBsVyyUs9Ndw==",cdn-downstream-fbl;dur=114 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a78d8f4a6ccd81221651cd6112d5330a.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HBgdbXBBm631l1D8RKOeokADHOEoS60-042FJT5ncowoL5krupK_Hw== + - XcTVlqJ6Tm4ahJ7HLOeovB7zcJwTl2VUjmK5aCeyDZcBsVyyUs9Ndw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 85fbc8cc369e67c60245560519a9c5b2 + - 8cef9dd18ca6dc08cf006f8ab36c8ceb X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 0e67a6f3-3658-44fd-a5b2-0faa901ca98b + - 055b5d72-2a33-43a5-af1d-cfb66097ad74 Atl-Traceid: - - 0e67a6f3365844fda5b20faa901ca98b + - 055b5d722a3343a5af1dcfb66097ad74 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:43 GMT + - Sat, 24 May 2025 10:35:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=362,atl-edge;dur=330,atl-edge-internal;dur=15,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ZOQbZlj0c0i0j-lpm5RVaRwm0LNPDC4ZTuxTLbqfanm2zBF8nYo43A==",cdn-downstream-fbl;dur=366 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=236,atl-edge;dur=228,atl-edge-internal;dur=16,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="t5d6iLwRYp896vRzy91ZjQmAYToOuZ-8M4reZFzj9UjMMzQlkeNE4w==",cdn-downstream-fbl;dur=240 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ZOQbZlj0c0i0j-lpm5RVaRwm0LNPDC4ZTuxTLbqfanm2zBF8nYo43A== + - t5d6iLwRYp896vRzy91ZjQmAYToOuZ-8M4reZFzj9UjMMzQlkeNE4w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f96e3f486d7610d623b33d98d1149a8c + - fedb9f3ef6be295bc591c38f15fcbd80 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/337]\n\n*Defect - Dojo link:* http://localhost:8080/finding/337 (337)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/382]\n\n*Defect + Dojo link:* http://localhost:8080/finding/382 (382)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/124]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/133]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18287","key":"NTEST-1896","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18287"}' + string: '{"id":"19707","key":"NTEST-3035","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19707"}' headers: Atl-Request-Id: - - 834a9439-db65-4abd-9697-46c4ac33c820 + - a7c5b982-c711-4b11-b68a-53e2f72d25fa Atl-Traceid: - - 834a9439db654abd969746c4ac33c820 + - a7c5b982c7114b11b68a53e2f72d25fa Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:44 GMT + - Sat, 24 May 2025 10:35:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="IBNvbcofP8rdRf7R7ULpnM9zOloEF9nVrmB5HJEexgjQswe_7d469w==",cdn-downstream-fbl;dur=755,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=752,atl-edge;dur=668,atl-edge-internal;dur=17,atl-edge-upstream;dur=651,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=620,atl-edge;dur=613,atl-edge-internal;dur=18,atl-edge-upstream;dur=596,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="O_xBu38ZRs-fqCi-DU5O8It9dkykiPBzUFVLG5S3X8bRo7RPNAIeLQ==",cdn-downstream-fbl;dur=624 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b376080c70ff0aef5ae83cd4d75e16d0.cloudfront.net (CloudFront) + - 1.1 b6cf988ed9428ad8492255f2faaacfdc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - IBNvbcofP8rdRf7R7ULpnM9zOloEF9nVrmB5HJEexgjQswe_7d469w== + - O_xBu38ZRs-fqCi-DU5O8It9dkykiPBzUFVLG5S3X8bRo7RPNAIeLQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 4e974f3cd6f892a5de87833ac4136255 + - 35d3eb57b2c28199f1b0b67da5a3c2a1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1896 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3035 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18287","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18287","key":"NTEST-1896","fields":{"statuscategorychangedate":"2025-04-30T18:28:44.206+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19707","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19707","key":"NTEST-3035","fields":{"statuscategorychangedate":"2025-05-24T12:35:30.356+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1896/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:43.910+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:43.989+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3035/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:30.097+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:30.170+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/337]\n\n*Defect - Dojo link:* http://localhost:8080/finding/337 (337)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/382]\n\n*Defect + Dojo link:* http://localhost:8080/finding/382 (382)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/124]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/133]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1896/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18287/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3035/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19707/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c1786e54-9c5a-4dd9-80ab-f6cb3829fb28 + - d4ef3223-e0fb-4bfc-8de3-7216e7b6e13e Atl-Traceid: - - c1786e549c5a4dd980abf6cb3829fb28 + - d4ef3223e0fb4bfc8de37216e7b6e13e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:44 GMT + - Sat, 24 May 2025 10:35:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
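Review bot: The re-recorded response body in the `@@ -273,14 +273,14 @@` hunk commits a real person's `emailAddress`, `displayName` and Atlassian `accountId` in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the later header hunks repeats the same account id. The tests presumably assert only on the issue id, key and description, so these values could be replaced at record time with constructed placeholders such as `"emailAddress":"user@example.invalid"`. If the cassettes are recorded with vcrpy, a `before_record_response` hook that rewrites those body fields and drops `X-Aaccountid` would keep future re-recordings from reintroducing them. The same applies to the body hunk at `@@ -364,14 +364,14 @@`.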
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="MQyTCyn4P2LMgyVtXwgVBAPemY_7PS75P-54AJNn5pEbv5wrSRztkA==",cdn-downstream-fbl;dur=273,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=245,atl-edge-internal;dur=15,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=221,atl-edge;dur=214,atl-edge-internal;dur=18,atl-edge-upstream;dur=195,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iLsvWEtDtoeKGInMRq0bXlTZwrpiXSVZf05YeonC5bsNThqSKg8a6Q==",cdn-downstream-fbl;dur=224 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 51e6f466f192ce588105b138cebcc0d0.cloudfront.net (CloudFront) + - 1.1 97eaba44803576cf9f5d9993fc05ccee.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - MQyTCyn4P2LMgyVtXwgVBAPemY_7PS75P-54AJNn5pEbv5wrSRztkA== + - iLsvWEtDtoeKGInMRq0bXlTZwrpiXSVZf05YeonC5bsNThqSKg8a6Q== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - b2656e6c230d3427c0b233389d00b6eb + - f99dcb3c586ecdf242f98754e09341e1 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18287 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19707 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18287","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18287","key":"NTEST-1896","fields":{"statuscategorychangedate":"2025-04-30T18:28:44.206+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19707","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19707","key":"NTEST-3035","fields":{"statuscategorychangedate":"2025-05-24T12:35:30.356+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1896/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:43.910+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:43.989+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3035/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:30.097+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:30.170+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/337]\n\n*Defect - Dojo link:* http://localhost:8080/finding/337 (337)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/382]\n\n*Defect + Dojo link:* http://localhost:8080/finding/382 (382)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/124]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/133]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1896/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18287/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3035/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19707/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d3b8aa48-5185-41ad-8d54-4135b6631b3a + - eef5d2b5-2c99-4b9e-a422-82af1886965a Atl-Traceid: - - d3b8aa48518541ad8d544135b6631b3a + - eef5d2b52c994b9ea42282af1886965a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:45 GMT + - Sat, 24 May 2025 10:35:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=279,atl-edge;dur=247,atl-edge-internal;dur=14,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HTBGZnCAlzTDLqAhCqy4jLOIv4snaPB9djMPOdX5WTfyGL_KCYSDTw==",cdn-downstream-fbl;dur=284 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=6,cdn-upstream-fbl;dur=279,atl-edge;dur=249,atl-edge-internal;dur=20,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="S51RWN-zwzP1kpJzTzMYjvFr4WPv9-AVN-W3VNM_TDGHSZwBdvQsRQ==",cdn-downstream-fbl;dur=282 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de5b26aba33b480d2b740b96a34fe916.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HTBGZnCAlzTDLqAhCqy4jLOIv4snaPB9djMPOdX5WTfyGL_KCYSDTw== + - S51RWN-zwzP1kpJzTzMYjvFr4WPv9-AVN-W3VNM_TDGHSZwBdvQsRQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - fcd57d24c5e8062644d9d80a2ba49d3b + - df87adb03ddb7fb02ccb6db170f44ed2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:45.731+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:31.308+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 2eaa84e8-b281-4aa9-ad87-ee113a55823d + - f3340ca2-f27e-476f-9041-85d8a3e269df Atl-Traceid: - - 2eaa84e8b2814aa9ad87ee113a55823d + - f3340ca2f27e476f904185d8a3e269df Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:45 GMT + - Sat, 24 May 2025 10:35:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=175,atl-edge;dur=141,atl-edge-internal;dur=13,atl-edge-upstream;dur=129,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="tiUkz6oB3f0g-p6w7Umb5fVvLZSwILLZ6mg0PdeeofR_4Q94GJ6OyA==",cdn-downstream-fbl;dur=180 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=117,atl-edge;dur=109,atl-edge-internal;dur=17,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HY2wg5Uo3dLvvRxleDjlIoQkSYNVNdLC5Jfk7yxsdF3h49mxh68eJA==",cdn-downstream-fbl;dur=122 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ad310b4d7c581c35032fa3fce068e53c.cloudfront.net (CloudFront) + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tiUkz6oB3f0g-p6w7Umb5fVvLZSwILLZ6mg0PdeeofR_4Q94GJ6OyA== + - HY2wg5Uo3dLvvRxleDjlIoQkSYNVNdLC5Jfk7yxsdF3h49mxh68eJA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 97ac3136734f74bdc4129e52ed274ee2 + - dd794ba87bdebec532af7b280fdfa15e X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 1cd59631-77a0-4583-b787-9ece098f4f39 + - b5e1ac39-6926-45c2-b679-f3ed405df175 Atl-Traceid: - - 1cd5963177a04583b7879ece098f4f39 + - b5e1ac39692645c2b679f3ed405df175 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:46 GMT + - Sat, 24 May 2025 10:35:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=415,atl-edge;dur=324,atl-edge-internal;dur=15,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="gYe-L7qXUUSt4puh5zSg8yzMHJ7ajUbtv7UfqRfGEcx7rknI9zE3mA==",cdn-downstream-fbl;dur=419 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=250,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A2-Gba67PxaHoBhe7Wcxw0eB0ZCgHZUBdvnOwJQXR2cy5MbHoRbQFg==",cdn-downstream-fbl;dur=261 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 87d6d7b4889aec5ce2bf57d717a99d3c.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gYe-L7qXUUSt4puh5zSg8yzMHJ7ajUbtv7UfqRfGEcx7rknI9zE3mA== + - A2-Gba67PxaHoBhe7Wcxw0eB0ZCgHZUBdvnOwJQXR2cy5MbHoRbQFg== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - eedd0c726ffc0090b67f2dfa4e888b9d + - 6e9b3fc3945fb9025bdbea33b5f6033c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/338]\n\n*Defect - Dojo link:* http://localhost:8080/finding/338 (338)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/383]\n\n*Defect + Dojo link:* http://localhost:8080/finding/383 (383)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/124]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/133]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18289","key":"NTEST-1897","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18289"}' + string: '{"id":"19708","key":"NTEST-3036","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19708"}' headers: Atl-Request-Id: - - 0280ef58-59aa-4aae-9c31-91f7bab4645e + - e6bd7062-186c-4d9f-ab26-12c1e8475aa2 Atl-Traceid: - - 0280ef5859aa4aae9c3191f7bab4645e + - e6bd7062186c4d9fab2612c1e8475aa2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:47 GMT + - Sat, 24 May 2025 10:35:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="LlDp-R97-8zUzf3TUHIkqT0IELDNx2DmtRHB2mgysI-R85wrS5ZqQQ==",cdn-downstream-fbl;dur=797,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=793,atl-edge;dur=706,atl-edge-internal;dur=15,atl-edge-upstream;dur=691,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=708,atl-edge;dur=701,atl-edge-internal;dur=15,atl-edge-upstream;dur=686,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dqp_f0bT9ryMeEE0kGEh-363EM2ccaAYZnCe3-iEWbN-Bc8vneL8Zw==",cdn-downstream-fbl;dur=712 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3699bc5ea5aacbe1d32ebe3e874f0c68.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - LlDp-R97-8zUzf3TUHIkqT0IELDNx2DmtRHB2mgysI-R85wrS5ZqQQ== + - dqp_f0bT9ryMeEE0kGEh-363EM2ccaAYZnCe3-iEWbN-Bc8vneL8Zw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 0896a0ba1c9f6575fffad62a17a4f82d + - 06e75ba45bf0d8d9ec49f726b674956a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1897 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3036 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18289","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18289","key":"NTEST-1897","fields":{"statuscategorychangedate":"2025-04-30T18:28:47.191+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19708","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19708","key":"NTEST-3036","fields":{"statuscategorychangedate":"2025-05-24T12:35:32.361+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1897/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:46.897+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:46.978+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3036/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:32.033+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:32.116+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/338]\n\n*Defect - Dojo link:* http://localhost:8080/finding/338 (338)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/383]\n\n*Defect + Dojo link:* http://localhost:8080/finding/383 (383)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/124]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/133]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1897/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18289/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3036/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19708/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1c3f3c1b-f021-4592-8a92-69542d4a0b06 + - c9ad3ece-1f3e-44d1-a406-ea910b80e431 Atl-Traceid: - - 1c3f3c1bf02145928a9269542d4a0b06 + - c9ad3ece1f3e44d1a406ea910b80e431 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:47 GMT + - Sat, 24 May 2025 10:35:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
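Review bot: The re-recorded response body in this hunk stores a maintainer's `emailAddress`, `accountId` and gravatar hash verbatim in both the `creator` and `reporter` objects. The same values recur in the hunk at `@@ -784,14 +784,14 @@` and in the `X-Aaccountid` response headers. Request credentials look scrubbed already (the echoed header value in the webhook hunk is `Token xxx`), so response bodies could get the same treatment, for example a vcrpy `before_record_response` hook that swaps these fields for fixed placeholders before the cassette is written. That would also stop a re-recording from a different account rewriting every one of these lines. The recorder configuration is not visible in this diff, so confirm whether such a hook already exists and simply does not cover these fields.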
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=313,atl-edge;dur=280,atl-edge-internal;dur=16,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="nh2-Ew46-ydcHRIMaSGdz6pOKxaPu8R55k1D-oWA944XJag_YwUYjg==",cdn-downstream-fbl;dur=318 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=225,atl-edge-internal;dur=16,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="hKezK081hbfeOh-DRD7f59UynS1Oy8cn5tVvtlZfrEupmMnoNSrcYQ==",cdn-downstream-fbl;dur=236 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d45e064f8c3e1035d136019303749e0e.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nh2-Ew46-ydcHRIMaSGdz6pOKxaPu8R55k1D-oWA944XJag_YwUYjg== + - hKezK081hbfeOh-DRD7f59UynS1Oy8cn5tVvtlZfrEupmMnoNSrcYQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - f6be88eb1026de5bb0823e9d01da3273 + - 902ab5dbb4abc79931875282bf4be21c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18289 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19708 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18289","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18289","key":"NTEST-1897","fields":{"statuscategorychangedate":"2025-04-30T18:28:47.191+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19708","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19708","key":"NTEST-3036","fields":{"statuscategorychangedate":"2025-05-24T12:35:32.361+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1897/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:46.897+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tbz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:46.978+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3036/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:32.033+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:32.116+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/338]\n\n*Defect - Dojo link:* http://localhost:8080/finding/338 (338)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/383]\n\n*Defect + Dojo link:* http://localhost:8080/finding/383 (383)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/124]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/133]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1897/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18289/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3036/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19708/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 950ef7dc-6c68-41a1-adb2-d25ac5a944e5 + - f24e8024-f426-4d19-aedc-79d6f0861b6b Atl-Traceid: - - 950ef7dc6c6841a1adb2d25ac5a944e5 + - f24e8024f4264d19aedc79d6f0861b6b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="HphXcO0eaNxVmhT7GwZY6QJAm3jSEpK5Doo439Y1cIkJAUOADxI3Yg==",cdn-downstream-fbl;dur=423,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=95,cdn-upstream-fbl;dur=420,atl-edge;dur=293,atl-edge-internal;dur=16,atl-edge-upstream;dur=277,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=236,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Q0amkZvbt2Pt4C27Zyzi85iB1TWAAZ6qJChFvAz8hR-b0nuhGC1Qcw==",cdn-downstream-fbl;dur=262 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 22067fb5d7eb764108747a104222f50a.cloudfront.net (CloudFront) + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - HphXcO0eaNxVmhT7GwZY6QJAm3jSEpK5Doo439Y1cIkJAUOADxI3Yg== + - Q0amkZvbt2Pt4C27Zyzi85iB1TWAAZ6qJChFvAz8hR-b0nuhGC1Qcw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c7baf634693707122d1163973926b469 + - 4cdf4fb6d12f20fb624b4313fc5685fc X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/", + "http://localhost:8080/test/133", "url_api": "http://localhost:8080/api/v2/tests/133/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 124, "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/"}}' + 133, "url_ui": "http://localhost:8080/test/133", "url_api": "http://localhost:8080/api/v2/tests/133/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57210\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33184\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/124/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/133\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/133/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 124, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/124/\\\"}}\",\n \"files\": + null, \\\"id\\\": 133, \\\"url_ui\\\": \\\"http://localhost:8080/test/133\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/133/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 124,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n - \ \"url_ui\": \"http://localhost:8080/test/124\"\n },\n \"title\": + 133,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/133/\",\n + \ \"url_ui\": \"http://localhost:8080/test/133\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n \"url_ui\": - \"http://localhost:8080/test/124\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/133/\",\n \"url_ui\": + \"http://localhost:8080/test/133\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:31 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/", + "url_ui": "http://localhost:8080/test/133", "url_api": "http://localhost:8080/api/v2/tests/133/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 124, "url_ui": "http://localhost:8080/test/124", "url_api": "http://localhost:8080/api/v2/tests/124/"}, - "finding_count": 2, "findings": {"new": [{"id": 337, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/337", - "url_api": "http://localhost:8080/api/v2/findings/337/"}, {"id": 338, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/338", - "url_api": "http://localhost:8080/api/v2/findings/338/"}], "reactivated": [], + 133, "url_ui": "http://localhost:8080/test/133", "url_api": "http://localhost:8080/api/v2/tests/133/"}, + "finding_count": 2, "findings": {"new": [{"id": 382, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/382", + "url_api": "http://localhost:8080/api/v2/findings/382/"}, {"id": 383, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/383", + "url_api": "http://localhost:8080/api/v2/findings/383/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57218\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:33188\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/124/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/133\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/133/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 124, \\\"url_ui\\\": \\\"http://localhost:8080/test/124\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/124/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 337, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 133, \\\"url_ui\\\": \\\"http://localhost:8080/test/133\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/133/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 382, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/337\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/337/\\\"}, - {\\\"id\\\": 338, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/338\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/338/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/382\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/382/\\\"}, + {\\\"id\\\": 383, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/383\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/383/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 337,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/337/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/337\"\n },\n - \ {\n \"id\": 338,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/338/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/338\"\n }\n ],\n + \ \"id\": 382,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/382/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/382\"\n },\n + \ {\n \"id\": 383,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/383/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/383\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 124,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n - \ \"url_ui\": \"http://localhost:8080/test/124\"\n },\n \"title\": + 133,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/133/\",\n + \ \"url_ui\": \"http://localhost:8080/test/133\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/124/\",\n - \ \"url_ui\": \"http://localhost:8080/test/124\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/133/\",\n + \ \"url_ui\": \"http://localhost:8080/test/133\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:31 GMT Transfer-Encoding: - chunked status: 
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml index 9d133ed438e..6b6c6ea12c0 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_false_enforced_verified_jira_true.yaml @@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/", + "http://localhost:8080/test/134", "url_api": "http://localhost:8080/api/v2/tests/134/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 125, "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/"}}' + 134, "url_ui": "http://localhost:8080/test/134", "url_api": "http://localhost:8080/api/v2/tests/134/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57226\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:32890\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/125/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/134\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/134/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 125, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/125/\\\"}}\",\n \"files\": + null, \\\"id\\\": 134, \\\"url_ui\\\": \\\"http://localhost:8080/test/134\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/134/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 125,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n - \ \"url_ui\": \"http://localhost:8080/test/125\"\n },\n \"title\": + 134,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/134/\",\n + \ \"url_ui\": \"http://localhost:8080/test/134\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n \"url_ui\": - \"http://localhost:8080/test/125\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/134/\",\n \"url_ui\": + \"http://localhost:8080/test/134\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:31 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/", + "url_ui": "http://localhost:8080/test/134", "url_api": "http://localhost:8080/api/v2/tests/134/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 125, "url_ui": "http://localhost:8080/test/125", "url_api": "http://localhost:8080/api/v2/tests/125/"}, - "finding_count": 2, "findings": {"new": [{"id": 339, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/339", - "url_api": "http://localhost:8080/api/v2/findings/339/"}, {"id": 340, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/340", - "url_api": "http://localhost:8080/api/v2/findings/340/"}], "reactivated": [], + 134, "url_ui": "http://localhost:8080/test/134", "url_api": "http://localhost:8080/api/v2/tests/134/"}, + "finding_count": 2, "findings": {"new": [{"id": 384, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/384", + "url_api": "http://localhost:8080/api/v2/findings/384/"}, {"id": 385, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/385", + "url_api": "http://localhost:8080/api/v2/findings/385/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57238\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:32904\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/125/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/134\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/134/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 125, \\\"url_ui\\\": \\\"http://localhost:8080/test/125\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/125/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 339, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 134, \\\"url_ui\\\": \\\"http://localhost:8080/test/134\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/134/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 384, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/339\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/339/\\\"}, - {\\\"id\\\": 340, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/340\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/340/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/384\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/384/\\\"}, + {\\\"id\\\": 385, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/385\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/385/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 339,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/339/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/339\"\n },\n - \ {\n \"id\": 340,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/340/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/340\"\n }\n ],\n + \ \"id\": 384,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/384/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/384\"\n },\n + \ {\n \"id\": 385,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/385/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/385\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 125,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n - \ \"url_ui\": \"http://localhost:8080/test/125\"\n },\n \"title\": + 134,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/134/\",\n + \ \"url_ui\": \"http://localhost:8080/test/134\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/125/\",\n - \ \"url_ui\": \"http://localhost:8080/test/125\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/134/\",\n + \ \"url_ui\": \"http://localhost:8080/test/134\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: 
@@ -181,7 +181,1910 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:31 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:33.625+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 34d08be2-e4fc-497e-8d4f-ccc3a40f8ec1 + Atl-Traceid: + - 34d08be2e4fc497e8d4fccc3a40f8ec1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=108,atl-edge-internal;dur=14,atl-edge-upstream;dur=94,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="dPPJS_QoEjd8ZsjRnazAtwQVmWO4vvT0dxbbYCy5zUex7CgtWyBlrQ==",cdn-downstream-fbl;dur=120 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - dPPJS_QoEjd8ZsjRnazAtwQVmWO4vvT0dxbbYCy5zUex7CgtWyBlrQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 4d8de00d43dad7a53872d278082736c7 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 3bb40afe-f110-4c10-81d0-e6debb954755 + Atl-Traceid: + - 3bb40afef1104c1081d0e6debb954755 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:34 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=301,atl-edge-internal;dur=17,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="RvyRkczPOqTWWd0fyI6gzASMT3CGrJdnSfXHyUhzB2jKk2wXSij42g==",cdn-downstream-fbl;dur=313 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - RvyRkczPOqTWWd0fyI6gzASMT3CGrJdnSfXHyUhzB2jKk2wXSij42g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 6636991bda574f61f644b98cad4f1f0f + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/386]\n\n*Defect + Dojo link:* http://localhost:8080/finding/386 (386)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 + and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) + check is mishandled.\n Vulnerable feature: systemd\n Vulnerable Versions: 237-3ubuntu10.29\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1351' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19709","key":"NTEST-3037","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19709"}' + headers: + Atl-Request-Id: + - dfb65e53-31d3-49a6-8368-ad0420e46e48 + Atl-Traceid: + - dfb65e5331d349a68368ad0420e46e48 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:34 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=693,atl-edge;dur=685,atl-edge-internal;dur=15,atl-edge-upstream;dur=670,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="bKDeF0e6mIYncDE5quB1CU8BgkV-mUJ_Nze6yJpoH0c2ShRBOQW-1w==",cdn-downstream-fbl;dur=695 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - bKDeF0e6mIYncDE5quB1CU8BgkV-mUJ_Nze6yJpoH0c2ShRBOQW-1w== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - aa4f975767531603477f8ad240bc1737 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3037 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19709","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19709","key":"NTEST-3037","fields":{"statuscategorychangedate":"2025-05-24T12:35:34.729+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3037/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:34.403+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:34.484+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/386]\n\n*Defect + Dojo link:* http://localhost:8080/finding/386 (386)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using + Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current + keyboard mode) check is mishandled.\n Vulnerable feature: systemd\n Vulnerable + Versions: 237-3ubuntu10.29\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-20839 + - (Systemd, 
237-3ubuntu10.29)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3037/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19709/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 35e4d197-7281-47d4-8b04-c673debd9764 + Atl-Traceid: + - 35e4d197728147d48b04c673debd9764 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=251,atl-edge;dur=242,atl-edge-internal;dur=17,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="CS40ygQONKfTHhVd1b6cSTWGTpfqwIW5XQYtbmyppo7fkK-4W4Thpw==",cdn-downstream-fbl;dur=255 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - CS40ygQONKfTHhVd1b6cSTWGTpfqwIW5XQYtbmyppo7fkK-4W4Thpw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 1a7e1acfb33f78c8b15d8f5f9ebee7ba + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19709 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19709","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19709","key":"NTEST-3037","fields":{"statuscategorychangedate":"2025-05-24T12:35:34.729+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3037/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:34.403+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010pz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:34.484+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/386]\n\n*Defect + Dojo link:* http://localhost:8080/finding/386 (386)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using + Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current + keyboard mode) check is mishandled.\n Vulnerable feature: systemd\n Vulnerable + Versions: 237-3ubuntu10.29\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-20839 + - (Systemd, 
237-3ubuntu10.29)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3037/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19709/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 07b3efea-ed9e-475a-977d-fb2e53862df1 + Atl-Traceid: + - 07b3efeaed9e475a977dfb2e53862df1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=247,atl-edge-internal;dur=15,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="HWdR1Sul--8JRKnQ2GPMYWsGBXpf85K9WeSzvJb_kV-xq1J11bqmYg==",cdn-downstream-fbl;dur=259 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - HWdR1Sul--8JRKnQ2GPMYWsGBXpf85K9WeSzvJb_kV-xq1J11bqmYg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 947f21b302af8a301f085cce9b6e6906 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:35.666+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 03ced0b9-4a29-4cc1-a51d-01a98cd975b8 + Atl-Traceid: + - 03ced0b94a294cc1a51d01a98cd975b8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="olHEWQBS8xGDCLg7wmwpugMNq2s37uk_kf92zN8gkf7YjOyjAlUrXw==",cdn-downstream-fbl;dur=114 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - olHEWQBS8xGDCLg7wmwpugMNq2s37uk_kf92zN8gkf7YjOyjAlUrXw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 68be522e364f386ed20df8543fd91c7d + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 8142a48c-9b7f-486a-aaeb-5bed0b3a3111 + Atl-Traceid: + - 8142a48c9b7f486aaaeb5bed0b3a3111 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fBPzxwASuGxhZetARD4fzXaw5m1kAVUuvdELZWzNgxS-peow2aQrOQ==",cdn-downstream-fbl;dur=305,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=303,atl-edge;dur=274,atl-edge-internal;dur=15,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - fBPzxwASuGxhZetARD4fzXaw5m1kAVUuvdELZWzNgxS-peow2aQrOQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d7138d0b13d155cf40866c3dd25f9f64 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)", "description": + "\n\n\n\n\n\n*Title*: [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/387]\n\n*Defect + Dojo link:* http://localhost:8080/finding/387 (387)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a partition + to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n Vulnerable + Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: ubuntu:18.04\n + CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1416' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19710","key":"NTEST-3038","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19710"}' + headers: + Atl-Request-Id: + - 59c84ab9-68ce-404e-a512-f0f965d8c40a + Atl-Traceid: + - 59c84ab968ce404ea512f0f965d8c40a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=715,atl-edge;dur=707,atl-edge-internal;dur=16,atl-edge-upstream;dur=691,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="PR6hdHc1XwfrXBeVVpjcDwygP_RkiaVea1iFRNYMngJqopWS-LsD3w==",cdn-downstream-fbl;dur=719 + 
Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - PR6hdHc1XwfrXBeVVpjcDwygP_RkiaVea1iFRNYMngJqopWS-LsD3w== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 1685cc88a53b033c491a907bde39df5f + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3038 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19710","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19710","key":"NTEST-3038","fields":{"statuscategorychangedate":"2025-05-24T12:35:36.760+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3038/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:36.438+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010q7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:36.521+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/387]\n\n*Defect + Dojo link:* http://localhost:8080/finding/387 (387)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n + Vulnerable Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: + ubuntu:18.04\n CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-5094 + - (E2fsprogs, 
1.44.1-1ubuntu1.1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc781
6c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3038/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19710/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - c958848d-92ad-416c-b4ab-2eca9567b25e + Atl-Traceid: + - c958848d92ad416cb4ab2eca9567b25e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=329,atl-edge;dur=322,atl-edge-internal;dur=16,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="cfVx_TjEooe96i2RALEjwXlfwwfjDQjViOXM9M4rV4LLj-Ih3OdjxA==",cdn-downstream-fbl;dur=333 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 13a0a1a7b326f5c854b35536576cfe0e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - cfVx_TjEooe96i2RALEjwXlfwwfjDQjViOXM9M4rV4LLj-Ih3OdjxA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 2c994efc3d6ec106d91fd32bde49fc25 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19710 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19710","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19710","key":"NTEST-3038","fields":{"statuscategorychangedate":"2025-05-24T12:35:36.760+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3038/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:36.438+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010q7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:36.521+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/387]\n\n*Defect + Dojo link:* http://localhost:8080/finding/387 (387)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n + Vulnerable Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: + ubuntu:18.04\n CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-5094 + - (E2fsprogs, 
1.44.1-1ubuntu1.1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc781
6c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3038/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19710/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 153ca70b-f7da-4b36-84de-29d6940c66a8 + Atl-Traceid: + - 153ca70bf7da4b3684de29d6940c66a8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=208,atl-edge;dur=201,atl-edge-internal;dur=17,atl-edge-upstream;dur=183,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iBgTLARnmQJ4NpgIrz-7J2OI7LeKNNt6OdW5S-lzgwCgzN6T9GRu2A==",cdn-downstream-fbl;dur=212 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - iBgTLARnmQJ4NpgIrz-7J2OI7LeKNNt6OdW5S-lzgwCgzN6T9GRu2A== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 68d172775fb0f1448ff62e5491524837 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:37.750+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 58b985c5-f8e1-4451-ae63-790b4b1ab0ff + Atl-Traceid: + - 58b985c5f8e14451ae63790b4b1ab0ff + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=121,atl-edge;dur=108,atl-edge-internal;dur=22,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="JhWCEN74HK4iwYBWD0zdj9uVO1sJuwXmGmW2tZwn4EwV_Eb2qIZIfA==",cdn-downstream-fbl;dur=124 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d0b402ca7e5fc6514bdd05f23e206b58.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - JhWCEN74HK4iwYBWD0zdj9uVO1sJuwXmGmW2tZwn4EwV_Eb2qIZIfA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 1649cedcea36b1bca1d5ee6e5616b5da + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 5dbd940d-abe5-403f-b4ce-36e1a2a78be9 + Atl-Traceid: + - 5dbd940dabe5403fb4ce36e1a2a78be9 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:38 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=260,atl-edge;dur=253,atl-edge-internal;dur=16,atl-edge-upstream;dur=237,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UiN5RrqX4rI5jrqIW4Ieicm4GX9rtG3XVbeI73stlPN15KoGoTTwbQ==",cdn-downstream-fbl;dur=263 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b0062bb33b961b53be87d688f2bdd9f8.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - UiN5RrqX4rI5jrqIW4Ieicm4GX9rtG3XVbeI73stlPN15KoGoTTwbQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 321afb87bb574ed166a02c164ab25331 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/388]\n\n*Defect + Dojo link:* http://localhost:8080/finding/388 (388)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an integer + overflow on 32-bit architectures, leading to a stack-based buffer overflow and, + potentially, arbitrary code execution.\n Vulnerable feature: glibc\n Vulnerable + Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1355' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19711","key":"NTEST-3039","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19711"}' + headers: + Atl-Request-Id: + - c38e39ef-6899-444d-9dbc-7f3ac105221a + Atl-Traceid: + - c38e39ef6899444d9dbc7f3ac105221a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:38 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + 
"endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8h-rLKxNiJHnBa5v426GnKCUhIQJS1Tdvg796r1Tj-wSB5jNNQg3tQ==",cdn-downstream-fbl;dur=644,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=641,atl-edge;dur=613,atl-edge-internal;dur=15,atl-edge-upstream;dur=599,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 8h-rLKxNiJHnBa5v426GnKCUhIQJS1Tdvg796r1Tj-wSB5jNNQg3tQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3352b5ca7d6b26e55848c84e5ae37fd2 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3039 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19711","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19711","key":"NTEST-3039","fields":{"statuscategorychangedate":"2025-05-24T12:35:38.733+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3039/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:38.472+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010qf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:38.542+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/388]\n\n*Defect + Dojo link:* http://localhost:8080/finding/388 (388)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an + integer overflow on 32-bit architectures, leading to a stack-based buffer + overflow and, potentially, arbitrary code execution.\n Vulnerable feature: + glibc\n Vulnerable Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n + CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-11236 + - (Glibc, 
2.27-3ubuntu1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52
a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3039/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19711/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 5c490937-7cf8-4127-b9e2-99b16a8a3a14 + Atl-Traceid: + - 5c4909377cf84127b9e299b16a8a3a14 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=225,atl-edge;dur=217,atl-edge-internal;dur=15,atl-edge-upstream;dur=202,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="TPRhPkfCHInqT2GHtzgsWAJZ7dHyZ22TIexpQK2XTyR-rvld-_9J-g==",cdn-downstream-fbl;dur=229 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - TPRhPkfCHInqT2GHtzgsWAJZ7dHyZ22TIexpQK2XTyR-rvld-_9J-g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - bd9078107c74549dbf524ad18a7a5f0f + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19711 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19711","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19711","key":"NTEST-3039","fields":{"statuscategorychangedate":"2025-05-24T12:35:38.733+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3039/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:38.472+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010qf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:38.542+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/388]\n\n*Defect + Dojo link:* http://localhost:8080/finding/388 (388)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an + integer overflow on 32-bit architectures, leading to a stack-based buffer + overflow and, potentially, arbitrary code execution.\n Vulnerable feature: + glibc\n Vulnerable Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n + CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-11236 + - (Glibc, 
2.27-3ubuntu1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52
a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3039/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19711/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 77ceb6b0-ba68-4442-98f7-d34bbe18fe75 + Atl-Traceid: + - 77ceb6b0ba68444298f7d34bbe18fe75 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=245,atl-edge;dur=237,atl-edge-internal;dur=14,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="sVtFQQ1dtWFCoWhwxgD8kPeMlpu66owLOTGsVVeS7Y5fmjuqy4qsgg==",cdn-downstream-fbl;dur=249 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - sVtFQQ1dtWFCoWhwxgD8kPeMlpu66owLOTGsVVeS7Y5fmjuqy4qsgg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 4c5f5c56bf977ac4eb2e0a7b3b7f81ec + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:39.620+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - ade317aa-276a-42fb-80d4-745614fe1e20 + Atl-Traceid: + - ade317aa276a42fb80d4745614fe1e20 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=114,atl-edge;dur=106,atl-edge-internal;dur=15,atl-edge-upstream;dur=91,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2HHStm-OB55HSj-J3HJ23FEvADAdbuBiFDZIcOOSabX98Tb3zBD6gQ==",cdn-downstream-fbl;dur=120 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 34833e1e6b760bb81603c4fa1e0bb5d6.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 2HHStm-OB55HSj-J3HJ23FEvADAdbuBiFDZIcOOSabX98Tb3zBD6gQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - f8f21b114b4022735c9b864bd5dbefbc + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 9b5bc984-332a-435c-b3b8-0954e6d42bbb + Atl-Traceid: + - 9b5bc984332a435cb3b80954e6d42bbb + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QUr0unwzyj-C00mR2SyhQ_lIf-9c2ZntmSSuazoBlOL9fgWJLFkkRA==",cdn-downstream-fbl;dur=287 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - QUr0unwzyj-C00mR2SyhQ_lIf-9c2ZntmSSuazoBlOL9fgWJLFkkRA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 5a7f8939a63a0da236a438597de3b821 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/389]\n\n*Defect + Dojo link:* http://localhost:8080/finding/389 (389)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and + GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1413' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19712","key":"NTEST-3040","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19712"}' + headers: + Atl-Request-Id: + - b78018d9-62d6-4bf5-91d5-e31fdae28d60 + Atl-Traceid: + - b78018d962d64bf591d5e31fdae28d60 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:40 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=792,atl-edge;dur=785,atl-edge-internal;dur=15,atl-edge-upstream;dur=769,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="qOI4Q38dF0YUJCgExw0G0ZEInigyp4JiAAHJkPl0ZqMMnDbfdMQpIg==",cdn-downstream-fbl;dur=795 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - qOI4Q38dF0YUJCgExw0G0ZEInigyp4JiAAHJkPl0ZqMMnDbfdMQpIg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 8180dab1d0804a7d4ddb08e30f4e1f64 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3040 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19712","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19712","key":"NTEST-3040","fields":{"statuscategorychangedate":"2025-05-24T12:35:40.765+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3040/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:40.403+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010qn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:40.492+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/389]\n\n*Defect + Dojo link:* http://localhost:8080/finding/389 (389)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, + and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-13050 + - (Gnupg2, 
2.2.4-1ubuntu1.2)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3040/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19712/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 6eeff197-9848-473e-bc7d-398ed5769d3e + Atl-Traceid: + - 6eeff1979848473ebc7d398ed5769d3e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:41 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=224,atl-edge;dur=217,atl-edge-internal;dur=21,atl-edge-upstream;dur=195,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="QK1yQ_C54_oIygpRcnV-ZqMVEW9RVnsgi4kfTVyWaZUON4saAbWyRg==",cdn-downstream-fbl;dur=228 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - QK1yQ_C54_oIygpRcnV-ZqMVEW9RVnsgi4kfTVyWaZUON4saAbWyRg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 5be1b599fd115890312390b4c9ee14b2 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19712 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19712","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19712","key":"NTEST-3040","fields":{"statuscategorychangedate":"2025-05-24T12:35:40.765+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3040/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:40.403+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010qn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:40.492+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/389]\n\n*Defect + Dojo link:* http://localhost:8080/finding/389 (389)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/135]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, + and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-13050 + - (Gnupg2, 
2.2.4-1ubuntu1.2)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3040/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19712/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 2c71c81f-1feb-4573-8c9d-b84f0cc03cce + Atl-Traceid: + - 2c71c81f1feb45738c9db84f0cc03cce + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:41 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=277,atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="7b11BamsjEanDg-tEOPIg0DO3LlFaZwGNN9jSXYrWYTiGFMpI8u4Dw==",cdn-downstream-fbl;dur=281 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 7b11BamsjEanDg-tEOPIg0DO3LlFaZwGNN9jSXYrWYTiGFMpI8u4Dw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d2a5bd532888b0ee401080649b126252 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: Clair Scan", "user": null, "url_ui": + "http://localhost:8080/test/135", "url_api": "http://localhost:8080/api/v2/tests/135/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 135, "url_ui": "http://localhost:8080/test/135", "url_api": "http://localhost:8080/api/v2/tests/135/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '845' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n 
\"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"845\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:32912\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: Clair Scan\\\", \\\"user\\\": null, + \\\"url_ui\\\": \\\"http://localhost:8080/test/135\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/135/\\\", + \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": + \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, + \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": + \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, + \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": + 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": + null, \\\"id\\\": 135, \\\"url_ui\\\": \\\"http://localhost:8080/test/135\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/135/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security 
How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 135,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/135/\",\n + \ \"url_ui\": \"http://localhost:8080/test/135\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: Clair Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/135/\",\n \"url_ui\": + \"http://localhost:8080/test/135\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:35:39 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 4 findings for Security How-to: 1st Quarter Engagement: Clair Scan", "user": + null, "url_ui": "http://localhost:8080/test/135", "url_api": "http://localhost:8080/api/v2/tests/135/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 135, "url_ui": "http://localhost:8080/test/135", "url_api": "http://localhost:8080/api/v2/tests/135/"}, + "finding_count": 4, "findings": {"new": [{"id": 386, "title": "CVE-2018-20839 + - (Systemd, 237-3ubuntu10.29)", 
"severity": "Medium", "url_ui": "http://localhost:8080/finding/386", + "url_api": "http://localhost:8080/api/v2/findings/386/"}, {"id": 387, "title": + "CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)", "severity": "Medium", "url_ui": + "http://localhost:8080/finding/387", "url_api": "http://localhost:8080/api/v2/findings/387/"}, + {"id": 388, "title": "CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/388", "url_api": "http://localhost:8080/api/v2/findings/388/"}, + {"id": 389, "title": "CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/389", "url_api": "http://localhost:8080/api/v2/findings/389/"}], + "reactivated": [], "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '1735' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"1735\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:32918\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 4 findings for Security How-to: 1st Quarter 
Engagement: Clair Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/135\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/135/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 135, \\\"url_ui\\\": \\\"http://localhost:8080/test/135\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/135/\\\"}, \\\"finding_count\\\": + 4, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 386, \\\"title\\\": \\\"CVE-2018-20839 + - (Systemd, 237-3ubuntu10.29)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/386\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/386/\\\"}, + {\\\"id\\\": 387, \\\"title\\\": \\\"CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)\\\", + \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/387\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/387/\\\"}, {\\\"id\\\": + 388, \\\"title\\\": \\\"CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/388\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/388/\\\"}, {\\\"id\\\": + 389, \\\"title\\\": \\\"CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/389\\\", + 
\\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/389/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 4,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 386,\n \"severity\": \"Medium\",\n \"title\": + \"CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/386/\",\n \"url_ui\": \"http://localhost:8080/finding/386\"\n + \ },\n {\n \"id\": 387,\n \"severity\": \"Medium\",\n + \ \"title\": \"CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/387/\",\n \"url_ui\": + \"http://localhost:8080/finding/387\"\n },\n {\n \"id\": + 388,\n \"severity\": \"Medium\",\n \"title\": \"CVE-2018-11236 + - (Glibc, 2.27-3ubuntu1)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/388/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/388\"\n },\n + \ {\n \"id\": 389,\n \"severity\": \"Medium\",\n \"title\": + \"CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/389/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/389\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 135,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/135/\",\n + \ \"url_ui\": \"http://localhost:8080/test/135\"\n },\n \"title\": + \"Created/Updated 4 findings for Security How-to: 1st Quarter Engagement: + Clair Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/135/\",\n + \ \"url_ui\": \"http://localhost:8080/test/135\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:35:39 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml index fca4f42ad86..f4fc3871673 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_false.yaml 
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/", + "http://localhost:8080/test/136", "url_api": "http://localhost:8080/api/v2/tests/136/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 126, "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/"}}' + 136, "url_ui": "http://localhost:8080/test/136", "url_api": "http://localhost:8080/api/v2/tests/136/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57240\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:32920\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/126/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/136\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/136/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 126, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/126/\\\"}}\",\n \"files\": + null, \\\"id\\\": 136, \\\"url_ui\\\": \\\"http://localhost:8080/test/136\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/136/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 126,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n - \ \"url_ui\": \"http://localhost:8080/test/126\"\n },\n \"title\": + 136,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/136/\",\n + \ \"url_ui\": \"http://localhost:8080/test/136\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n \"url_ui\": - \"http://localhost:8080/test/126\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/136/\",\n \"url_ui\": + \"http://localhost:8080/test/136\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:39 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/", + "url_ui": "http://localhost:8080/test/136", "url_api": "http://localhost:8080/api/v2/tests/136/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 126, "url_ui": "http://localhost:8080/test/126", "url_api": "http://localhost:8080/api/v2/tests/126/"}, - "finding_count": 2, "findings": {"new": [{"id": 341, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/341", - "url_api": "http://localhost:8080/api/v2/findings/341/"}, {"id": 342, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/342", - "url_api": "http://localhost:8080/api/v2/findings/342/"}], "reactivated": [], + 136, "url_ui": "http://localhost:8080/test/136", "url_api": "http://localhost:8080/api/v2/tests/136/"}, + "finding_count": 2, "findings": {"new": [{"id": 390, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/390", + "url_api": "http://localhost:8080/api/v2/findings/390/"}, {"id": 391, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/391", + "url_api": "http://localhost:8080/api/v2/findings/391/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57250\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:32932\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/126/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/136\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/136/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 126, \\\"url_ui\\\": \\\"http://localhost:8080/test/126\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/126/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 341, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 136, \\\"url_ui\\\": \\\"http://localhost:8080/test/136\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/136/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 390, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/341\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/341/\\\"}, - {\\\"id\\\": 342, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/342\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/342/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/390\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/390/\\\"}, + {\\\"id\\\": 391, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/391\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/391/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 341,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/341/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/341\"\n },\n - \ {\n \"id\": 342,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/342/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/342\"\n }\n ],\n + \ \"id\": 390,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/390/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/390\"\n },\n + \ {\n \"id\": 391,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/391/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/391\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 126,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n - \ \"url_ui\": \"http://localhost:8080/test/126\"\n },\n \"title\": + 136,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/136/\",\n + \ \"url_ui\": \"http://localhost:8080/test/136\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/126/\",\n - \ \"url_ui\": \"http://localhost:8080/test/126\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/136/\",\n + \ \"url_ui\": \"http://localhost:8080/test/136\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: 
@@ -181,7 +181,1910 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:39 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:42.198+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 20bb6fb0-8413-4c5b-9324-ff6d9cf3e31e + Atl-Traceid: + - 20bb6fb084134c5b9324ff6d9cf3e31e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:42 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=120,atl-edge;dur=112,atl-edge-internal;dur=17,atl-edge-upstream;dur=96,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WrQDX11vzkX6tNZ_VFS9fd9CdJEAUcEAz5dFxxcj9qe6ofJz9HCUwg==",cdn-downstream-fbl;dur=124 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - WrQDX11vzkX6tNZ_VFS9fd9CdJEAUcEAz5dFxxcj9qe6ofJz9HCUwg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 588458ee6ad97e053100d99eed2bf825 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 39ce4180-60c3-429e-bff3-4e657e6f5ba1 + Atl-Traceid: + - 39ce418060c3429ebff34e657e6f5ba1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:42 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=282,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="EuFmdga3sm2vN-0sATzZ1D8Z4b87xlgV60xFvd_9_LDfPwCbGphvEA==",cdn-downstream-fbl;dur=285 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - EuFmdga3sm2vN-0sATzZ1D8Z4b87xlgV60xFvd_9_LDfPwCbGphvEA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 556f58b8c4f6b10579afd42154b1e1f1 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/392]\n\n*Defect + Dojo link:* http://localhost:8080/finding/392 (392)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 + and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) + check is mishandled.\n Vulnerable feature: systemd\n Vulnerable Versions: 237-3ubuntu10.29\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1351' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19713","key":"NTEST-3041","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19713"}' + headers: + Atl-Request-Id: + - 10844c2a-eea4-4e95-879e-e859f1ba0b96 + Atl-Traceid: + - 10844c2aeea44e95879ee859f1ba0b96 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=640,atl-edge;dur=633,atl-edge-internal;dur=19,atl-edge-upstream;dur=615,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UlmN3a-4PTxkfDSZlnuKYZ8e5SKlfIY8yk8gr6_Sip0ijwG3HNvQwg==",cdn-downstream-fbl;dur=643 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - UlmN3a-4PTxkfDSZlnuKYZ8e5SKlfIY8yk8gr6_Sip0ijwG3HNvQwg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 866a9be4d6e60ff5185c307c89ffddc7 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3041 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19713","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19713","key":"NTEST-3041","fields":{"statuscategorychangedate":"2025-05-24T12:35:43.209+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3041/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:42.917+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010qv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:42.995+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/392]\n\n*Defect + Dojo link:* http://localhost:8080/finding/392 (392)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using + Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current + keyboard mode) check is mishandled.\n Vulnerable feature: systemd\n Vulnerable + Versions: 237-3ubuntu10.29\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-20839 + - (Systemd, 
237-3ubuntu10.29)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3041/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19713/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - e959d466-08c6-4dde-8c97-b8e4bf52db66 + Atl-Traceid: + - e959d46608c64dde8c97b8e4bf52db66 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=249,atl-edge;dur=242,atl-edge-internal;dur=15,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WDg0dyJY86vOTHb2fH1mBU-QrbUClQng_jBfhWxPBfc3URWd9tLXJw==",cdn-downstream-fbl;dur=252 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - WDg0dyJY86vOTHb2fH1mBU-QrbUClQng_jBfhWxPBfc3URWd9tLXJw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 48d46893ad2a7af92dfc907e6551d1df + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19713 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19713","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19713","key":"NTEST-3041","fields":{"statuscategorychangedate":"2025-05-24T12:35:43.209+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3041/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:42.917+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010qv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:42.995+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/392]\n\n*Defect + Dojo link:* http://localhost:8080/finding/392 (392)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using + Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current + keyboard mode) check is mishandled.\n Vulnerable feature: systemd\n Vulnerable + Versions: 237-3ubuntu10.29\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-20839 + - (Systemd, 
237-3ubuntu10.29)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3041/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19713/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - bcd9ecfb-b639-4b7e-a56d-ee989e0ca26f + Atl-Traceid: + - bcd9ecfbb6394b7ea56dee989e0ca26f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=215,atl-edge;dur=208,atl-edge-internal;dur=15,atl-edge-upstream;dur=193,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="epPhdCOw1JvbZCgCQJ3H5CwsjtebEvAetzU0g6hIDmpW_5t43JOWXQ==",cdn-downstream-fbl;dur=220 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ef674a9df28e4fc8d944ae07304fa954.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - epPhdCOw1JvbZCgCQJ3H5CwsjtebEvAetzU0g6hIDmpW_5t43JOWXQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - c590ae5e54fc3ba6c979784376127103 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:44.103+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 1039f038-91f1-4b5e-9ee5-5e57a8e6f776 + Atl-Traceid: + - 1039f03891f14b5e9ee55e57a8e6f776 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=107,atl-edge;dur=100,atl-edge-internal;dur=14,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="pYh-wEAJpz3XV5bfjIAcrMP0esibkvAmKC4S3y02US2VV6nCNaegnw==",cdn-downstream-fbl;dur=112 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - pYh-wEAJpz3XV5bfjIAcrMP0esibkvAmKC4S3y02US2VV6nCNaegnw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 8cc0143a845d30e7ef3ff23bd608c33e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - f0da9be5-9945-461e-923a-04ee1b8a6e0e + Atl-Traceid: + - f0da9be59945461e923a04ee1b8a6e0e + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tXNxdaKD5SGCn4GpMyX7GvJzGbsAPO3CwRyyS71CSdiK1h-d8Eo3pQ==",cdn-downstream-fbl;dur=262 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - tXNxdaKD5SGCn4GpMyX7GvJzGbsAPO3CwRyyS71CSdiK1h-d8Eo3pQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - b8a9e5ce86c9da933fdd8658cbdc8b96 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)", "description": + "\n\n\n\n\n\n*Title*: [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/393]\n\n*Defect + Dojo link:* http://localhost:8080/finding/393 (393)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a partition + to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n Vulnerable + Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: ubuntu:18.04\n + CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1416' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19714","key":"NTEST-3042","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19714"}' + headers: + Atl-Request-Id: + - 9a06c64c-6cbc-4311-b588-ca7da02b33aa + Atl-Traceid: + - 9a06c64c6cbc4311b588ca7da02b33aa + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=677,atl-edge;dur=669,atl-edge-internal;dur=15,atl-edge-upstream;dur=654,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WhzeS7_YWa-m7LQ-Y5DjD1GhTWxrc4jjibXS2-asOids9o0EZDzYpA==",cdn-downstream-fbl;dur=682 + 
Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - WhzeS7_YWa-m7LQ-Y5DjD1GhTWxrc4jjibXS2-asOids9o0EZDzYpA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - ab3e23ab7000144d6cc4c6c864c4438c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3042 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19714","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19714","key":"NTEST-3042","fields":{"statuscategorychangedate":"2025-05-24T12:35:45.100+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3042/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:44.770+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010r3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:44.850+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/393]\n\n*Defect + Dojo link:* http://localhost:8080/finding/393 (393)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n + Vulnerable Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: + ubuntu:18.04\n CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-5094 + - (E2fsprogs, 
1.44.1-1ubuntu1.1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc781
6c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3042/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19714/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 0e994648-c09c-490c-aafc-5a0a8396512f + Atl-Traceid: + - 0e994648c09c490caafc5a0a8396512f + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=239,atl-edge;dur=232,atl-edge-internal;dur=14,atl-edge-upstream;dur=218,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="2Bn60I4JJpNPfr4YTBUAC4dkLLFHCsHe_QhGJwAdgr4AaRb_4gPDKA==",cdn-downstream-fbl;dur=243 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 2Bn60I4JJpNPfr4YTBUAC4dkLLFHCsHe_QhGJwAdgr4AaRb_4gPDKA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 7b0183d8750f6a1567fe3e6c45e3af17 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19714 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19714","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19714","key":"NTEST-3042","fields":{"statuscategorychangedate":"2025-05-24T12:35:45.100+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3042/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:44.770+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010r3:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:44.850+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/393]\n\n*Defect + Dojo link:* http://localhost:8080/finding/393 (393)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n + Vulnerable Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: + ubuntu:18.04\n CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-5094 + - (E2fsprogs, 
1.44.1-1ubuntu1.1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc781
6c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3042/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19714/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 4e2c7f0a-f7c6-47cc-b666-261f31607676 + Atl-Traceid: + - 4e2c7f0af7c647ccb666261f31607676 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=222,atl-edge;dur=214,atl-edge-internal;dur=18,atl-edge-upstream;dur=197,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="OYIg36pdnVlyPUd3PSsyZmILpVRQHO2Jw_IAwyih6sPDvfxV-PWJww==",cdn-downstream-fbl;dur=227 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - OYIg36pdnVlyPUd3PSsyZmILpVRQHO2Jw_IAwyih6sPDvfxV-PWJww== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - cca8a422d0b24c859ed52988bc3fc2d2 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:45.998+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 35e16d6a-0d8a-4554-a650-a00ddcf3e02a + Atl-Traceid: + - 35e16d6a0d8a4554a650a00ddcf3e02a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=109,atl-edge;dur=101,atl-edge-internal;dur=15,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Ad5tiwJmvXHWrq0LjG5UdLbrpYVJyIjTVBnIkA5w6ov8ineqh5AOSw==",cdn-downstream-fbl;dur=113 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Ad5tiwJmvXHWrq0LjG5UdLbrpYVJyIjTVBnIkA5w6ov8ineqh5AOSw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d232257528cc46ad6f68c5e035077b18 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 689b4506-6622-4117-b819-dba5f82eacec + Atl-Traceid: + - 689b450666224117b819dba5f82eacec + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=306,atl-edge;dur=299,atl-edge-internal;dur=15,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jmMyh-rBUmVglus7U_yGt_6mzgnnhfDRo0d3AqWlx-SfebUNCCKPQA==",cdn-downstream-fbl;dur=310 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - jmMyh-rBUmVglus7U_yGt_6mzgnnhfDRo0d3AqWlx-SfebUNCCKPQA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - f38fe7228a210d3befd4c3f5a4a55936 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/394]\n\n*Defect + Dojo link:* http://localhost:8080/finding/394 (394)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an integer + overflow on 32-bit architectures, leading to a stack-based buffer overflow and, + potentially, arbitrary code execution.\n Vulnerable feature: glibc\n Vulnerable + Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1355' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19715","key":"NTEST-3043","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19715"}' + headers: + Atl-Request-Id: + - f9067697-683d-474b-b6a1-93da31230f16 + Atl-Traceid: + - f9067697683d474bb6a193da31230f16 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + 
"endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=731,atl-edge;dur=724,atl-edge-internal;dur=15,atl-edge-upstream;dur=709,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Go5cI_NdL9XBs5yE_r9SpyYex_Iw4MI4HJ5tWtVC2BBUI8KjlRqIDQ==",cdn-downstream-fbl;dur=735 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Go5cI_NdL9XBs5yE_r9SpyYex_Iw4MI4HJ5tWtVC2BBUI8KjlRqIDQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - e8a9794eeb95f171f5ac0122d4efcd5e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3043 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19715","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19715","key":"NTEST-3043","fields":{"statuscategorychangedate":"2025-05-24T12:35:47.119+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3043/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:46.788+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:46.877+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/394]\n\n*Defect + Dojo link:* http://localhost:8080/finding/394 (394)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an + integer overflow on 32-bit architectures, leading to a stack-based buffer + overflow and, potentially, arbitrary code execution.\n Vulnerable feature: + glibc\n Vulnerable Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n + CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-11236 + - (Glibc, 
2.27-3ubuntu1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52
a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3043/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19715/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - d5ace2e4-1e8f-41fc-a0d4-43be62a1df97 + Atl-Traceid: + - d5ace2e41e8f41fca0d443be62a1df97 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=273,atl-edge;dur=265,atl-edge-internal;dur=17,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="g6zHk0pFld59Z_8tdngXeeDM8NwpeHY7ahe2PJVXhTnIAk0xyvy4Dw==",cdn-downstream-fbl;dur=277 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - g6zHk0pFld59Z_8tdngXeeDM8NwpeHY7ahe2PJVXhTnIAk0xyvy4Dw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 9e5b5035adf04397de817e8ea5ad686d + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19715 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19715","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19715","key":"NTEST-3043","fields":{"statuscategorychangedate":"2025-05-24T12:35:47.119+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3043/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:46.788+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rb:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:46.877+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/394]\n\n*Defect + Dojo link:* http://localhost:8080/finding/394 (394)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an + integer overflow on 32-bit architectures, leading to a stack-based buffer + overflow and, potentially, arbitrary code execution.\n Vulnerable feature: + glibc\n Vulnerable Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n + CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-11236 + - (Glibc, 
2.27-3ubuntu1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52
a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3043/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19715/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 9f021d3e-db92-4ee0-8907-9df54a7410a6 + Atl-Traceid: + - 9f021d3edb924ee089079df54a7410a6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=238,atl-edge;dur=231,atl-edge-internal;dur=17,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="q_ngdVLJyj9Alb1JgK9TKcNx8FfU94OJWT0BQXXGwlsvzSE-CCI9ZA==",cdn-downstream-fbl;dur=243 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - q_ngdVLJyj9Alb1JgK9TKcNx8FfU94OJWT0BQXXGwlsvzSE-CCI9ZA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 4a569e6e3b4e8b8eee60d2e6e93dc69a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:48.142+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 8a5d6234-f114-4cf4-92db-d787ccf125a8 + Atl-Traceid: + - 8a5d6234f1144cf492dbd787ccf125a8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:48 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=172,atl-edge;dur=164,atl-edge-internal;dur=15,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="R_hMNJL61fDu9nYPbGIpa3342J4g1r6Utlba8bpDSLdOzkRuk4PlGw==",cdn-downstream-fbl;dur=175 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2f7b5be8899520ed019685dc425dc306.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - R_hMNJL61fDu9nYPbGIpa3342J4g1r6Utlba8bpDSLdOzkRuk4PlGw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - d36f41ea61b5b2b0b057fe075459b7a4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - ca27a869-ade9-4951-947c-e469c09ccc11 + Atl-Traceid: + - ca27a869ade94951947ce469c09ccc11 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:48 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=235,atl-edge-internal;dur=20,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="kQudxfo4zayCIQuFtTD995Rr6wP6eIMdDtaIobz1A6nfqRkiB8CHeA==",cdn-downstream-fbl;dur=252 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - kQudxfo4zayCIQuFtTD995Rr6wP6eIMdDtaIobz1A6nfqRkiB8CHeA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 33751801ee847a53991dca867c1a9fdf + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/395]\n\n*Defect + Dojo link:* http://localhost:8080/finding/395 (395)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and + GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1413' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19716","key":"NTEST-3044","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19716"}' + headers: + Atl-Request-Id: + - 48db0249-6857-45be-bb9c-957c6ba648b8 + Atl-Traceid: + - 48db0249685745bebb9c957c6ba648b8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:49 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="DRZ7ngKCuaoWkL30BQhaIjwwKcKUrhIvKWwkg_xMYIZVflkFH5pQDQ==",cdn-downstream-fbl;dur=761,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=759,atl-edge;dur=732,atl-edge-internal;dur=17,atl-edge-upstream;dur=716,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a4583a5b47f0a64ec35be32f95ac1b46.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - DRZ7ngKCuaoWkL30BQhaIjwwKcKUrhIvKWwkg_xMYIZVflkFH5pQDQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 0aec413101781a016a691dd44878179f + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3044 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19716","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19716","key":"NTEST-3044","fields":{"statuscategorychangedate":"2025-05-24T12:35:49.239+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3044/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:48.882+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:48.965+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/395]\n\n*Defect + Dojo link:* http://localhost:8080/finding/395 (395)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, + and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-13050 + - (Gnupg2, 
2.2.4-1ubuntu1.2)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3044/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19716/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - a4ca1d43-969a-4dcd-a527-0fde29ad92c1 + Atl-Traceid: + - a4ca1d43969a4dcda5270fde29ad92c1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:49 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=223,atl-edge;dur=215,atl-edge-internal;dur=15,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8GfBLsIRf0OyVeq5-vdsQf5a9uGVebPvyBhTUJZzCCfC0H_aqd6GQg==",cdn-downstream-fbl;dur=228 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 8GfBLsIRf0OyVeq5-vdsQf5a9uGVebPvyBhTUJZzCCfC0H_aqd6GQg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - abd8b36bc411f99cae607743194b7337 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19716 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19716","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19716","key":"NTEST-3044","fields":{"statuscategorychangedate":"2025-05-24T12:35:49.239+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3044/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:48.882+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rj:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:48.965+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/395]\n\n*Defect + Dojo link:* http://localhost:8080/finding/395 (395)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/137]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, + and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-13050 + - (Gnupg2, 
2.2.4-1ubuntu1.2)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3044/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19716/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 772d1fb1-381b-4108-8436-bc2771b65f05 + Atl-Traceid: + - 772d1fb1381b41088436bc2771b65f05 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:49 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=224,atl-edge;dur=217,atl-edge-internal;dur=17,atl-edge-upstream;dur=200,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="24b2K4WVEDxAxsKk23nfeJiHQycuSIqQTfS5g8hEdK1TqucW0t608A==",cdn-downstream-fbl;dur=229 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 b26a5eb677aed7368a2c7fd7f1d673dc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 24b2K4WVEDxAxsKk23nfeJiHQycuSIqQTfS5g8hEdK1TqucW0t608A== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 83c0ae0ced2af102ef83b737c79c6867 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: Clair Scan", "user": null, "url_ui": + "http://localhost:8080/test/137", "url_api": "http://localhost:8080/api/v2/tests/137/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 137, "url_ui": "http://localhost:8080/test/137", "url_api": "http://localhost:8080/api/v2/tests/137/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '845' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n 
\"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"845\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:50098\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: Clair Scan\\\", \\\"user\\\": null, + \\\"url_ui\\\": \\\"http://localhost:8080/test/137\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/137/\\\", + \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": + \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, + \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": + \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, + \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": + 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": + null, \\\"id\\\": 137, \\\"url_ui\\\": \\\"http://localhost:8080/test/137\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/137/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security 
How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 137,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/137/\",\n + \ \"url_ui\": \"http://localhost:8080/test/137\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: Clair Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/137/\",\n \"url_ui\": + \"http://localhost:8080/test/137\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:35:47 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 4 findings for Security How-to: 1st Quarter Engagement: Clair Scan", "user": + null, "url_ui": "http://localhost:8080/test/137", "url_api": "http://localhost:8080/api/v2/tests/137/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 137, "url_ui": "http://localhost:8080/test/137", "url_api": "http://localhost:8080/api/v2/tests/137/"}, + "finding_count": 4, "findings": {"new": [{"id": 392, "title": "CVE-2018-20839 + - (Systemd, 237-3ubuntu10.29)", 
"severity": "Medium", "url_ui": "http://localhost:8080/finding/392", + "url_api": "http://localhost:8080/api/v2/findings/392/"}, {"id": 393, "title": + "CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)", "severity": "Medium", "url_ui": + "http://localhost:8080/finding/393", "url_api": "http://localhost:8080/api/v2/findings/393/"}, + {"id": 394, "title": "CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/394", "url_api": "http://localhost:8080/api/v2/findings/394/"}, + {"id": 395, "title": "CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/395", "url_api": "http://localhost:8080/api/v2/findings/395/"}], + "reactivated": [], "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '1735' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"1735\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:50112\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 4 findings for Security How-to: 1st Quarter 
Engagement: Clair Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/137\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/137/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 137, \\\"url_ui\\\": \\\"http://localhost:8080/test/137\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/137/\\\"}, \\\"finding_count\\\": + 4, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 392, \\\"title\\\": \\\"CVE-2018-20839 + - (Systemd, 237-3ubuntu10.29)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/392\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/392/\\\"}, + {\\\"id\\\": 393, \\\"title\\\": \\\"CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)\\\", + \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/393\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/393/\\\"}, {\\\"id\\\": + 394, \\\"title\\\": \\\"CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/394\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/394/\\\"}, {\\\"id\\\": + 395, \\\"title\\\": \\\"CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/395\\\", + 
\\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/395/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 4,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 392,\n \"severity\": \"Medium\",\n \"title\": + \"CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/392/\",\n \"url_ui\": \"http://localhost:8080/finding/392\"\n + \ },\n {\n \"id\": 393,\n \"severity\": \"Medium\",\n + \ \"title\": \"CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/393/\",\n \"url_ui\": + \"http://localhost:8080/finding/393\"\n },\n {\n \"id\": + 394,\n \"severity\": \"Medium\",\n \"title\": \"CVE-2018-11236 + - (Glibc, 2.27-3ubuntu1)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/394/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/394\"\n },\n + \ {\n \"id\": 395,\n \"severity\": \"Medium\",\n \"title\": + \"CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/395/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/395\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 137,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/137/\",\n + \ \"url_ui\": \"http://localhost:8080/test/137\"\n },\n \"title\": + \"Created/Updated 4 findings for Security How-to: 1st Quarter Engagement: + Clair Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/137/\",\n + \ \"url_ui\": \"http://localhost:8080/test/137\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:35:47 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml index 22e87bb6a46..66ac24627c0 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_not_verified_enforced_verified_globally_true_enforced_verified_jira_true.yaml 
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/", + "http://localhost:8080/test/138", "url_api": "http://localhost:8080/api/v2/tests/138/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 127, "url_ui": "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/"}}' + 138, "url_ui": "http://localhost:8080/test/138", "url_api": "http://localhost:8080/api/v2/tests/138/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,13 +38,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57252\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:50116\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/127/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/138\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/138/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -52,8 +52,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 127, \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/127/\\\"}}\",\n \"files\": + null, \\\"id\\\": 138, \\\"url_ui\\\": \\\"http://localhost:8080/test/138\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/138/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 127,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n - \ \"url_ui\": \"http://localhost:8080/test/127\"\n },\n \"title\": + 138,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/138/\",\n + \ \"url_ui\": \"http://localhost:8080/test/138\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n \"url_ui\": - \"http://localhost:8080/test/127\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/138/\",\n \"url_ui\": + \"http://localhost:8080/test/138\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:47 GMT Transfer-Encoding: - chunked status: 
@@ -85,19 +85,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/", + "url_ui": "http://localhost:8080/test/138", "url_api": "http://localhost:8080/api/v2/tests/138/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 127, "url_ui": "http://localhost:8080/test/127", "url_api": "http://localhost:8080/api/v2/tests/127/"}, - "finding_count": 2, "findings": {"new": [{"id": 343, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/343", - "url_api": "http://localhost:8080/api/v2/findings/343/"}, {"id": 344, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/344", - "url_api": "http://localhost:8080/api/v2/findings/344/"}], "reactivated": [], + 138, "url_ui": "http://localhost:8080/test/138", "url_api": "http://localhost:8080/api/v2/tests/138/"}, + "finding_count": 2, "findings": {"new": [{"id": 396, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/396", + "url_api": "http://localhost:8080/api/v2/findings/396/"}, {"id": 397, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/397", + "url_api": "http://localhost:8080/api/v2/findings/397/"}], "reactivated": [], "mitigated": 
[], "untouched": []}}' headers: Accept: @@ -113,7 +113,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -127,51 +127,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57260\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:50132\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/127/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/138\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/138/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 127, \\\"url_ui\\\": \\\"http://localhost:8080/test/127\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/127/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 343, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 138, \\\"url_ui\\\": \\\"http://localhost:8080/test/138\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/138/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 396, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/343\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/343/\\\"}, - {\\\"id\\\": 344, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/344\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/344/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/396\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/396/\\\"}, + {\\\"id\\\": 397, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/397\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/397/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 343,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/343/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/343\"\n },\n - \ {\n \"id\": 344,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/344/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/344\"\n }\n ],\n + \ \"id\": 396,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/396/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/396\"\n },\n + \ {\n \"id\": 397,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/397/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/397\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 127,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n - \ \"url_ui\": \"http://localhost:8080/test/127\"\n },\n \"title\": + 138,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/138/\",\n + \ \"url_ui\": \"http://localhost:8080/test/138\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/127/\",\n - \ \"url_ui\": \"http://localhost:8080/test/127\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/138/\",\n + \ \"url_ui\": \"http://localhost:8080/test/138\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: 
@@ -181,7 +181,1910 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:48 GMT + - Sat, 24 May 2025 10:35:47 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:50.477+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 0f8735c8-910a-4491-8769-4b5822d7f6ed + Atl-Traceid: + - 0f8735c8910a449187694b5822d7f6ed + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=13,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="VbBrKrdLvkvTKqUsE6DGUG9a63U5JHj88jZ7ShXg8wJZD7QiHI7QJA==",cdn-downstream-fbl;dur=118 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 37bca31d9c7de06b67b2363770e065b4.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - VbBrKrdLvkvTKqUsE6DGUG9a63U5JHj88jZ7ShXg8wJZD7QiHI7QJA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 491e6e94cde5eb1c232facbe0334b6da + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - f093175b-962f-4d65-af48-34972f4adbc3 + Atl-Traceid: + - f093175b962f4d65af4834972f4adbc3 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=240,atl-edge;dur=233,atl-edge-internal;dur=19,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="q-_nt28mEbszys01Xz7bclg-Qu-kNwWRT2WtMhQV0mUwcrSYaqss3g==",cdn-downstream-fbl;dur=244 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - q-_nt28mEbszys01Xz7bclg-Qu-kNwWRT2WtMhQV0mUwcrSYaqss3g== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 38aaa02687175e1ee0401bd25044672d + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/398]\n\n*Defect + Dojo link:* http://localhost:8080/finding/398 (398)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 + and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) + check is mishandled.\n Vulnerable feature: systemd\n Vulnerable Versions: 237-3ubuntu10.29\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1351' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19717","key":"NTEST-3045","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19717"}' + headers: + Atl-Request-Id: + - 75e232b1-98f6-47f4-8837-9accf01a5c04 + Atl-Traceid: + - 75e232b198f647f488379accf01a5c04 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:51 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=676,atl-edge;dur=669,atl-edge-internal;dur=13,atl-edge-upstream;dur=656,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="wGPFb183N93Zz_HHtz0KtqMu5qjXtq1E0jzs1zrWPWtFt7HvsSK2Cg==",cdn-downstream-fbl;dur=681 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 d6029710111dc7ad6216b4063753d630.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - wGPFb183N93Zz_HHtz0KtqMu5qjXtq1E0jzs1zrWPWtFt7HvsSK2Cg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 7dcd55cd9e6fabe9f73d8fc42476921e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3045 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19717","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19717","key":"NTEST-3045","fields":{"statuscategorychangedate":"2025-05-24T12:35:51.470+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3045/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:51.183+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:51.251+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/398]\n\n*Defect + Dojo link:* http://localhost:8080/finding/398 (398)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using + Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current + keyboard mode) check is mishandled.\n Vulnerable feature: systemd\n Vulnerable + Versions: 237-3ubuntu10.29\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-20839 + - (Systemd, 
237-3ubuntu10.29)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3045/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19717/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 28f8d426-5426-4919-8845-2af4d9d50bf0 + Atl-Traceid: + - 28f8d4265426491988452af4d9d50bf0 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:51 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=241,atl-edge;dur=233,atl-edge-internal;dur=14,atl-edge-upstream;dur=219,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AIYbQ_ua48lfTYm6ellJtdJ9Bje3cWgE3AgadF8L3bgKLeVkwlihgw==",cdn-downstream-fbl;dur=245 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - AIYbQ_ua48lfTYm6ellJtdJ9Bje3cWgE3AgadF8L3bgKLeVkwlihgw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - a7d4115423aeba9eeaeaa8a25e1abfd5 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19717 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19717","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19717","key":"NTEST-3045","fields":{"statuscategorychangedate":"2025-05-24T12:35:51.470+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3045/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:51.183+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rr:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:51.251+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)|http://localhost:8080/finding/398]\n\n*Defect + Dojo link:* http://localhost:8080/finding/398 (398)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-20839|https://nvd.nist.gov/vuln/detail/CVE-2018-20839]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: systemd - 237-3ubuntu10.29\n\n\n\n\n\n\n\n*Description*:\nsystemd + 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext + passwords in certain circumstances, such as watching a shutdown, or using + Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current + keyboard mode) check is mishandled.\n Vulnerable feature: systemd\n Vulnerable + Versions: 237-3ubuntu10.29\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-20839\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-20839\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-20839 + - (Systemd, 
237-3ubuntu10.29)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3045/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19717/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - f74b66c6-a49d-4207-a7f3-0cad61b0838a + Atl-Traceid: + - f74b66c6a49d4207a7f30cad61b0838a + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:52 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=249,atl-edge;dur=242,atl-edge-internal;dur=15,atl-edge-upstream;dur=227,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="fWHLXYsVqCCyc-9JC2ygchHGBg-_gcYTIV4lZUcjbQGGhSrI5JDvYw==",cdn-downstream-fbl;dur=253 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - fWHLXYsVqCCyc-9JC2ygchHGBg-_gcYTIV4lZUcjbQGGhSrI5JDvYw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 76e886fe88aefda994784eb006dc7e9a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:52.412+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - de36b1d0-5b82-4f6f-9072-ac393c7c964c + Atl-Traceid: + - de36b1d05b824f6f9072ac393c7c964c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:52 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=108,atl-edge-internal;dur=15,atl-edge-upstream;dur=93,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zN9cT2CV5GhBveYuRL-KJJRZF2_g9_uUiTqNAOzGwwhRaxopbSZryg==",cdn-downstream-fbl;dur=119 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - zN9cT2CV5GhBveYuRL-KJJRZF2_g9_uUiTqNAOzGwwhRaxopbSZryg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - a484adaefe94c5556a24a7f1c73811d4 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - f5df8bb9-a25e-4565-b79a-32007dfbc7b1 + Atl-Traceid: + - f5df8bb9a25e4565b79a32007dfbc7b1 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:52 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="AHgMU6qsCqpdWbP02LXbXEeIqtuK9Fu4PY4MykW7bJk9G9R3hkKcvg==",cdn-downstream-fbl;dur=295,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=292,atl-edge;dur=262,atl-edge-internal;dur=20,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-eu-central-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 a8b68315e1e2575143f97748ffbb29a0.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - AHgMU6qsCqpdWbP02LXbXEeIqtuK9Fu4PY4MykW7bJk9G9R3hkKcvg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 25979a774421e73ec0c85b159b224b8c + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)", "description": + "\n\n\n\n\n\n*Title*: [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/399]\n\n*Defect + Dojo link:* http://localhost:8080/finding/399 (399)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. 
A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a partition + to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n Vulnerable + Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: ubuntu:18.04\n + CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1416' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19718","key":"NTEST-3046","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19718"}' + headers: + Atl-Request-Id: + - ae6090ab-5ee4-46d7-9848-34729089159d + Atl-Traceid: + - ae6090ab5ee446d7984834729089159d + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:53 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=647,atl-edge;dur=639,atl-edge-internal;dur=17,atl-edge-upstream;dur=623,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="gBEqs_qcIui5W5k-8-6bp68WpDsMGlbSnwp-ADM8ZvM3ICbt4_1lvA==",cdn-downstream-fbl;dur=650 + 
Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - gBEqs_qcIui5W5k-8-6bp68WpDsMGlbSnwp-ADM8ZvM3ICbt4_1lvA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - e8dee89e4719285b08ea53cd5511dfe9 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3046 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19718","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19718","key":"NTEST-3046","fields":{"statuscategorychangedate":"2025-05-24T12:35:53.456+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3046/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:53.136+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:53.216+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/399]\n\n*Defect + Dojo link:* http://localhost:8080/finding/399 (399)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n + Vulnerable Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: + ubuntu:18.04\n CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-5094 + - (E2fsprogs, 
1.44.1-1ubuntu1.1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc781
6c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3046/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19718/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - f15f40c0-908c-414b-9855-26225b543e39 + Atl-Traceid: + - f15f40c0908c414b985526225b543e39 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:53 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=210,atl-edge;dur=202,atl-edge-internal;dur=15,atl-edge-upstream;dur=187,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1yILnHA4O8OZKcrhfi2DpCKD0AilUCteeWxKm_xaciDY8ZTjnHsETg==",cdn-downstream-fbl;dur=215 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 4ab1227a56c7dfaf7a8f7750683df1be.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 1yILnHA4O8OZKcrhfi2DpCKD0AilUCteeWxKm_xaciDY8ZTjnHsETg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 6753a49cd69627a261983486efbc8757 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19718 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19718","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19718","key":"NTEST-3046","fields":{"statuscategorychangedate":"2025-05-24T12:35:53.456+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3046/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:53.136+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010rz:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:53.216+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)|http://localhost:8080/finding/399]\n\n*Defect + Dojo link:* http://localhost:8080/finding/399 (399)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-5094|https://nvd.nist.gov/vuln/detail/CVE-2019-5094]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: e2fsprogs - 1.44.1-1ubuntu1.1\n\n\n\n\n\n\n\n*Description*:\nAn + exploitable code execution vulnerability exists in the quota file functionality + of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds + write on the heap, resulting in code execution. An attacker can corrupt a + partition to trigger this vulnerability.\n Vulnerable feature: e2fsprogs\n + Vulnerable Versions: 1.44.1-1ubuntu1.1\n Fixed by: 1.44.1-1ubuntu1.2\n Namespace: + ubuntu:18.04\n CVE: CVE-2019-5094\n\n\n*Mitigation*:\n1.44.1-1ubuntu1.2\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5094\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-5094 + - (E2fsprogs, 
1.44.1-1ubuntu1.1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc781
6c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3046/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19718/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 914eecc1-f1b3-4746-8a33-800ec9420f4c + Atl-Traceid: + - 914eecc1f1b347468a33800ec9420f4c + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:54 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=7,cdn-upstream-fbl;dur=246,atl-edge;dur=217,atl-edge-internal;dur=15,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="Wij4X5vEFEoBO2zrkWNRAnT7xYirLZBhrohJkVITUeediSxVxvyi6A==",cdn-downstream-fbl;dur=254 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - Wij4X5vEFEoBO2zrkWNRAnT7xYirLZBhrohJkVITUeediSxVxvyi6A== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - a2813e8ce2ffd9d48f7372b8390c2ba6 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:54.335+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 63033b56-c885-479c-be14-c3e889248492 + Atl-Traceid: + - 63033b56c885479cbe14c3e889248492 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:54 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=17,atl-edge-upstream;dur=86,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="xaAaTnnqp4rD8Z_iPZSSTk-091wrfAdBd3n-MLlvBhfXefscqxnUzw==",cdn-downstream-fbl;dur=115 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - xaAaTnnqp4rD8Z_iPZSSTk-091wrfAdBd3n-MLlvBhfXefscqxnUzw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - eefc9ae9b2c54d90c529c09398008966 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 6781f486-18d4-4c3b-9c59-d1ff442b3cd5 + Atl-Traceid: + - 6781f48618d44c3b9c59d1ff442b3cd5 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:54 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=265,atl-edge-internal;dur=16,atl-edge-upstream;dur=249,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="uDh5ALiXBwDz0fRKfz2n4GwKEduTYahlHMQ8wOaJBnatKQ-Hy4VfRg==",cdn-downstream-fbl;dur=275 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - uDh5ALiXBwDz0fRKfz2n4GwKEduTYahlHMQ8wOaJBnatKQ-Hy4VfRg== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - b5c1848ed637d8eae6c8c56bbffe35d3 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/400]\n\n*Defect + Dojo link:* http://localhost:8080/finding/400 (400)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an integer + overflow on 32-bit architectures, leading to a stack-based buffer overflow and, + potentially, arbitrary code execution.\n Vulnerable feature: glibc\n Vulnerable + Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1355' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19719","key":"NTEST-3047","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19719"}' + headers: + Atl-Request-Id: + - f88b7b5f-345d-4133-9f9c-2d2dd8556b28 + Atl-Traceid: + - f88b7b5f345d41339f9c2d2dd8556b28 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:55 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + 
"endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=807,atl-edge;dur=800,atl-edge-internal;dur=13,atl-edge-upstream;dur=787,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="UcVYaBPchp5kX9nZFmMWlh8bLP8dHHrlaRZ6yMuxK5Vbzvltj5rkOQ==",cdn-downstream-fbl;dur=810 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 cf45fdeb5348a5648604f5f9e4f2b8a8.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - UcVYaBPchp5kX9nZFmMWlh8bLP8dHHrlaRZ6yMuxK5Vbzvltj5rkOQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 3a557d600ea070b60ba51c089497a80e + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3047 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19719","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19719","key":"NTEST-3047","fields":{"statuscategorychangedate":"2025-05-24T12:35:55.495+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3047/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:55.089+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010s7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:55.244+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/400]\n\n*Defect + Dojo link:* http://localhost:8080/finding/400 (400)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an + integer overflow on 32-bit architectures, leading to a stack-based buffer + overflow and, potentially, arbitrary code execution.\n Vulnerable feature: + glibc\n Vulnerable Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n + CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-11236 + - (Glibc, 
2.27-3ubuntu1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52
a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3047/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19719/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - e4582047-0927-462d-b045-e0cc4d7adc78 + Atl-Traceid: + - e45820470927462db045e0cc4d7adc78 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:55 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=232,atl-edge;dur=225,atl-edge-internal;dur=15,atl-edge-upstream;dur=210,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="BR4XvHI-WhC6WhTkeGbGzydXwKkhydwmoyy49m-6IYcOPHd5spG1iA==",cdn-downstream-fbl;dur=236 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 acee7e60faaea7b7699fe033930a0164.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - BR4XvHI-WhC6WhTkeGbGzydXwKkhydwmoyy49m-6IYcOPHd5spG1iA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 10b48fb09bf4e571a0d3e65dc5dcb580 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19719 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19719","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19719","key":"NTEST-3047","fields":{"statuscategorychangedate":"2025-05-24T12:35:55.495+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3047/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:55.089+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010s7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:55.244+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)|http://localhost:8080/finding/400]\n\n*Defect + Dojo link:* http://localhost:8080/finding/400 (400)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2018-11236|https://nvd.nist.gov/vuln/detail/CVE-2018-11236]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: glibc - 2.27-3ubuntu1\n\n\n\n\n\n\n\n*Description*:\nstdlib/canonicalize.c + in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing + very long pathname arguments to the realpath function, could encounter an + integer overflow on 32-bit architectures, leading to a stack-based buffer + overflow and, potentially, arbitrary code execution.\n Vulnerable feature: + glibc\n Vulnerable Versions: 2.27-3ubuntu1\n Fixed by: \n Namespace: ubuntu:18.04\n + CVE: CVE-2018-11236\n\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-11236\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2018-11236 + - (Glibc, 
2.27-3ubuntu1)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52
a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3047/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19719/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 22d4227e-3197-4392-8038-88807fe436de + Atl-Traceid: + - 22d4227e31974392803888807fe436de + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:56 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=235,atl-edge;dur=227,atl-edge-internal;dur=17,atl-edge-upstream;dur=211,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6vbDSsxqhzzcfJS5rNDvlmupszPykeBbXplBtgNyqQwX4UVNLt_Wxw==",cdn-downstream-fbl;dur=240 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 6vbDSsxqhzzcfJS5rNDvlmupszPykeBbXplBtgNyqQwX4UVNLt_Wxw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - dbe4eeb053ce3aee3ee81f3d002874da + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:56.497+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 28812cd8-e199-47af-83f2-a63d1a69b877 + Atl-Traceid: + - 28812cd8e19947af83f2a63d1a69b877 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:56 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], 
"group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=135,atl-edge;dur=127,atl-edge-internal;dur=15,atl-edge-upstream;dur=113,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="0LFXEnxoHnyk9Tjh5hcvgEgfl9twb6Bj3UA3tlYv6z7UkZlqZXOKPw==",cdn-downstream-fbl;dur=139 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 0LFXEnxoHnyk9Tjh5hcvgEgfl9twb6Bj3UA3tlYv6z7UkZlqZXOKPw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - ddc41aaf6cbd006af265c53403c1d44a + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: 
'{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - 11165ad6-5641-431c-8d02-a2eaa70cac99 + Atl-Traceid: + - 11165ad65641431c8d02a2eaa70cac99 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:56 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=266,atl-edge-internal;dur=35,atl-edge-upstream;dur=230,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="yMH1Hib1xonWT7ip0KPgfstTrCWZQ3GNEL2oMuEu5dCZsZuIwYqywQ==",cdn-downstream-fbl;dur=276 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - yMH1Hib1xonWT7ip0KPgfstTrCWZQ3GNEL2oMuEu5dCZsZuIwYqywQ== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 8ed19bc73786222a3618735e3b291e00 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)", "description": "\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/401]\n\n*Defect + Dojo link:* http://localhost:8080/finding/401 (401)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and + GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "Medium"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1413' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"19720","key":"NTEST-3048","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19720"}' + headers: + Atl-Request-Id: + - 2cb99cab-3550-428d-b801-1223ddf284bd + Atl-Traceid: + - 2cb99cab3550428db8011223ddf284bd + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:57 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=715,atl-edge;dur=708,atl-edge-internal;dur=14,atl-edge-upstream;dur=694,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="55kDJJhcjpY9xgJ5Y1li6n_m4fOottCprx7auHNnbyS590ovWsx95w==",cdn-downstream-fbl;dur=721 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - 55kDJJhcjpY9xgJ5Y1li6n_m4fOottCprx7auHNnbyS590ovWsx95w== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 836c50c10539aecc134440e95c85dde1 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3048 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19720","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19720","key":"NTEST-3048","fields":{"statuscategorychangedate":"2025-05-24T12:35:57.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3048/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:57.240+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:57.321+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/401]\n\n*Defect + Dojo link:* http://localhost:8080/finding/401 (401)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, + and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-13050 + - (Gnupg2, 
2.2.4-1ubuntu1.2)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3048/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19720/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - 4b70d831-e593-4db4-85d2-38314101a17b + Atl-Traceid: + - 4b70d831e5934db485d238314101a17b + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:57 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=214,atl-edge;dur=206,atl-edge-internal;dur=17,atl-edge-upstream;dur=190,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="oMyEMICl5V-NvM4x-SLqTqK-T5HyhCaVw9bwLkVPZ4gUFmDB7yyrjw==",cdn-downstream-fbl;dur=218 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - oMyEMICl5V-NvM4x-SLqTqK-T5HyhCaVw9bwLkVPZ4gUFmDB7yyrjw== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - 23c84d50c13f55299a97d5df0ac8be89 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19720 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19720","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19720","key":"NTEST-3048","fields":{"statuscategorychangedate":"2025-05-24T12:35:57.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3048/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:57.240+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium.svg","name":"Medium","id":"3"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:57.321+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: + [CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)|http://localhost:8080/finding/401]\n\n*Defect + Dojo link:* http://localhost:8080/finding/401 (401)\n\n*Severity:* Medium\n\n\n*Due + Date:* Aug. 
22, 2025\n\n\n\n\n\n*CVE:* [CVE-2019-13050|https://nvd.nist.gov/vuln/detail/CVE-2019-13050]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [Clair Scan|http://localhost:8080/test/139]\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: gnupg2 - 2.2.4-1ubuntu1.2\n\n\n\n\n\n\n\n*Description*:\nInteraction + between the sks-keyserver code through 1.2.0 of the SKS keyserver network, + and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration + line referring to a host on the SKS keyserver network. Retrieving data from + this network may cause a persistent denial of service, because of a Certificate + Spamming Attack.\n Vulnerable feature: gnupg2\n Vulnerable Versions: 2.2.4-1ubuntu1.2\n + Fixed by: \n Namespace: ubuntu:18.04\n CVE: CVE-2019-13050\n\n\n\n\n*Impact*:\nNo + impact provided\n\n\n\n\n\n*References*:\nhttp://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-13050\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"CVE-2019-13050 + - (Gnupg2, 
2.2.4-1ubuntu1.2)","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816
c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3048/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19720/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + headers: + Atl-Request-Id: + - b56e6806-63b9-4301-8971-a9c75739be52 + Atl-Traceid: + - b56e680663b943018971a9c75739be52 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Sat, 24 May 2025 10:35:58 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=240,atl-edge;dur=232,atl-edge-internal;dur=17,atl-edge-upstream;dur=216,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="D-Nz5r66Pij5QlLKqYBsJvyZPbXPXrkRiCkz4pUokZ0LCSsTwuujAA==",cdn-downstream-fbl;dur=244 + Strict-Transport-Security: + - max-age=63072000; 
includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) + X-Aaccountid: + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + X-Amz-Cf-Id: + - D-Nz5r66Pij5QlLKqYBsJvyZPbXPXrkRiCkz4pUokZ0LCSsTwuujAA== + X-Amz-Cf-Pop: + - AMS1-P1 + X-Arequestid: + - b6feba01bfc1fda15765ec375493d126 + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: Clair Scan", "user": null, "url_ui": + "http://localhost:8080/test/139", "url_api": "http://localhost:8080/api/v2/tests/139/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 139, "url_ui": "http://localhost:8080/test/139", "url_api": "http://localhost:8080/api/v2/tests/139/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '845' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n 
\"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"845\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36616\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: Clair Scan\\\", \\\"user\\\": null, + \\\"url_ui\\\": \\\"http://localhost:8080/test/139\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/139/\\\", + \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": + \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, + \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": + \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, + \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": + 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": + null, \\\"id\\\": 139, \\\"url_ui\\\": \\\"http://localhost:8080/test/139\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/139/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security 
How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 139,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/139/\",\n + \ \"url_ui\": \"http://localhost:8080/test/139\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: Clair Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/139/\",\n \"url_ui\": + \"http://localhost:8080/test/139\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:35:57 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 4 findings for Security How-to: 1st Quarter Engagement: Clair Scan", "user": + null, "url_ui": "http://localhost:8080/test/139", "url_api": "http://localhost:8080/api/v2/tests/139/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 139, "url_ui": "http://localhost:8080/test/139", "url_api": "http://localhost:8080/api/v2/tests/139/"}, + "finding_count": 4, "findings": {"new": [{"id": 398, "title": "CVE-2018-20839 + - (Systemd, 237-3ubuntu10.29)", 
"severity": "Medium", "url_ui": "http://localhost:8080/finding/398", + "url_api": "http://localhost:8080/api/v2/findings/398/"}, {"id": 399, "title": + "CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)", "severity": "Medium", "url_ui": + "http://localhost:8080/finding/399", "url_api": "http://localhost:8080/api/v2/findings/399/"}, + {"id": 400, "title": "CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/400", "url_api": "http://localhost:8080/api/v2/findings/400/"}, + {"id": 401, "title": "CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)", "severity": + "Medium", "url_ui": "http://localhost:8080/finding/401", "url_api": "http://localhost:8080/api/v2/findings/401/"}], + "reactivated": [], "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '1735' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.46.2 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"1735\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36622\",\n + \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 4 findings for Security How-to: 1st Quarter 
Engagement: Clair Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/139\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/139/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 139, \\\"url_ui\\\": \\\"http://localhost:8080/test/139\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/139/\\\"}, \\\"finding_count\\\": + 4, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 398, \\\"title\\\": \\\"CVE-2018-20839 + - (Systemd, 237-3ubuntu10.29)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": + \\\"http://localhost:8080/finding/398\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/398/\\\"}, + {\\\"id\\\": 399, \\\"title\\\": \\\"CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)\\\", + \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/399\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/399/\\\"}, {\\\"id\\\": + 400, \\\"title\\\": \\\"CVE-2018-11236 - (Glibc, 2.27-3ubuntu1)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/400\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/400/\\\"}, {\\\"id\\\": + 401, \\\"title\\\": \\\"CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)\\\", \\\"severity\\\": + \\\"Medium\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/401\\\", + 
\\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/401/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 4,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 398,\n \"severity\": \"Medium\",\n \"title\": + \"CVE-2018-20839 - (Systemd, 237-3ubuntu10.29)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/398/\",\n \"url_ui\": \"http://localhost:8080/finding/398\"\n + \ },\n {\n \"id\": 399,\n \"severity\": \"Medium\",\n + \ \"title\": \"CVE-2019-5094 - (E2fsprogs, 1.44.1-1ubuntu1.1)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/399/\",\n \"url_ui\": + \"http://localhost:8080/finding/399\"\n },\n {\n \"id\": + 400,\n \"severity\": \"Medium\",\n \"title\": \"CVE-2018-11236 + - (Glibc, 2.27-3ubuntu1)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/400/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/400\"\n },\n + \ {\n \"id\": 401,\n \"severity\": \"Medium\",\n \"title\": + \"CVE-2019-13050 - (Gnupg2, 2.2.4-1ubuntu1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/401/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/401\"\n }\n ],\n + \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 139,\n \"title\": null,\n \"url_api\": 
\"http://localhost:8080/api/v2/tests/139/\",\n + \ \"url_ui\": \"http://localhost:8080/test/139\"\n },\n \"title\": + \"Created/Updated 4 findings for Security How-to: 1st Quarter Engagement: + Clair Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/139/\",\n + \ \"url_ui\": \"http://localhost:8080/test/139\",\n \"user\": null\n + \ }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Sat, 24 May 2025 10:35:57 GMT Transfer-Encoding: - chunked status: diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml index 0703a15bbc4..abdcd60cd82 100644 --- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_with_push_to_jira_update_tags.yaml 
@@ -18,12 +18,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:49.305+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:35:58.694+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 6fbe944f-58e5-4b16-905b-c64606ae4a6c + - 20a871c2-487d-4c1a-a3ef-cb8b0247a48b Atl-Traceid: - - 6fbe944f58e54b16905bc64606ae4a6c + - 20a871c2487d4c1aa3efcb8b0247a48b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -33,7 +33,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:49 GMT + - Sat, 24 May 2025 10:35:58 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -43,7 +43,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=184,atl-edge;dur=161,atl-edge-internal;dur=14,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="KhZMGBF8x9lR85aezLUkkV6garEfdPOSLpJ4W7_7L3s50R2KGzQHgg==",cdn-downstream-fbl;dur=188 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=124,atl-edge;dur=115,atl-edge-internal;dur=15,atl-edge-upstream;dur=101,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6DePOW53oFz7MjBjrpsneFnM3UmOps4mz3ebTkj9A3D_bj4j88o_oA==",cdn-downstream-fbl;dur=127 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -53,15 +53,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 476cbc24d5f1a673aca06385c3863276.cloudfront.net (CloudFront) + - 1.1 9500c58b11c15528d15f2ca9add5bc00.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - KhZMGBF8x9lR85aezLUkkV6garEfdPOSLpJ4W7_7L3s50R2KGzQHgg== + - 6DePOW53oFz7MjBjrpsneFnM3UmOps4mz3ebTkj9A3D_bj4j88o_oA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 77282381a1b0a80cf5c9251789fc06ef + - 51223b8fc0679237da17acf2f825129a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -99,9 +99,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - fab690f2-1ebf-42cd-90a3-cfca05365ca5 + - 9aef59f2-08cd-4e74-b958-a65ad9ffac07 Atl-Traceid: - - fab690f21ebf42cd90a3cfca05365ca5 + - 9aef59f208cd4e74b958a65ad9ffac07 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -111,7 +111,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:49 GMT + - Sat, 24 May 2025 10:35:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -121,7 +121,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=333,atl-edge;dur=300,atl-edge-internal;dur=15,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="zc3me9C-Fvrh-bChk3nIeYm6gsTZO3Ph6XHItoUvW2ILWK_D12lvDQ==",cdn-downstream-fbl;dur=338 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=276,atl-edge;dur=269,atl-edge-internal;dur=16,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WBcx52JN7SZO3s7J72WOGsmEn8NmLq-FXYid3hQUNTMbuTxTiiZY0w==",cdn-downstream-fbl;dur=281 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -131,18 +131,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4bbf91f2f9edc22eb68408b6405ae452.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - zc3me9C-Fvrh-bChk3nIeYm6gsTZO3Ph6XHItoUvW2ILWK_D12lvDQ== + - WBcx52JN7SZO3s7J72WOGsmEn8NmLq-FXYid3hQUNTMbuTxTiiZY0w== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8dc257975d2d6cd970a95b78e4ca3c3a + - 9d9a470bb036d7d0ad73b2863e3d7778 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -155,11 +155,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -177,7 +177,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -186,12 +186,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18291","key":"NTEST-1898","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291"}' + string: '{"id":"19721","key":"NTEST-3049","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721"}' headers: Atl-Request-Id: - - da6addcd-6650-4d43-9e6e-5980db18d488 + - 452eb809-acf6-48de-bbe6-47b7ba556fe3 Atl-Traceid: - - da6addcd66504d439e6e5980db18d488 + - 452eb809acf648debbe647b7ba556fe3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -199,7 +199,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:50 GMT + - Sat, 24 May 2025 10:35:59 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -209,7 +209,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=647,atl-edge;dur=614,atl-edge-internal;dur=16,atl-edge-upstream;dur=599,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="wFbeSP-GCcNTQx2AYbv-9TmRCuHzbR1z7z7n3_r8uD0z2bUu1yl93Q==",cdn-downstream-fbl;dur=651 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=702,atl-edge;dur=695,atl-edge-internal;dur=16,atl-edge-upstream;dur=678,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="iO9ZPueOKE8Yux3UcWdCTvRRlwjG88ABEbnIsovRF1tg2xzOCjZr-A==",cdn-downstream-fbl;dur=706 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -219,15 +219,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 535c2b5354e6ba6798fd64420ee97a2c.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - wFbeSP-GCcNTQx2AYbv-9TmRCuHzbR1z7z7n3_r8uD0z2bUu1yl93Q== + - iO9ZPueOKE8Yux3UcWdCTvRRlwjG88ABEbnIsovRF1tg2xzOCjZr-A== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 941eeaae9a6d661d1232987a73cfc8e4 + - deb2298e18a30329686464c36b2b05ff X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -253,19 +253,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:50.383+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:59.531+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -273,14 +273,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - c5fb2052-3381-4f03-b28d-f297a486ecbb + - 35f4d21b-ffde-42f7-9b3c-302f5beebb97 Atl-Traceid: - - c5fb205233814f03b28df297a486ecbb + - 35f4d21bffde42f79b3c302f5beebb97 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -290,7 +290,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:51 GMT + - Sat, 24 May 2025 10:36:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
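Review bot: The re-recorded response body in this hunk commits the recording user's `emailAddress`, `displayName`, `accountId` and gravatar hash under `creator` and `reporter`; the same body recurs in the hunk at -364, and the account id is repeated in the `X-Aaccountid` response header in the hunks at -219, -310, -401, -473 and -551. None of these values appear to be needed for replay, so they could be replaced with fixed placeholders at record time; the cassette layout looks like vcrpy's, where a `before_record_response` callback can rewrite the body and drop that header before the file is written. Scrubbing at record time would also stop these lines from churning whenever a different maintainer re-records. The interaction this hunk belongs to starts and ends outside the hunk, so whether request-side credentials are already filtered cannot be seen from here.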
@@ -300,7 +300,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="gQX0G6ly_df8SrH-JAnKqhFzB6sZmsq4r3h-Rd6MtjkYNdq5_2BI4g==",cdn-downstream-fbl;dur=367,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=68,cdn-upstream-fbl;dur=364,atl-edge;dur=274,atl-edge-internal;dur=17,atl-edge-upstream;dur=257,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="FJ6aQzO1JUBfV2lV4641CEtVQ3KkzXNggsOksxoWWPTiVqyMzgULaw==",cdn-downstream-fbl;dur=304,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=20,cdn-upstream-fbl;dur=301,atl-edge;dur=273,atl-edge-internal;dur=16,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -310,15 +310,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0d9c2d5ae2c28ab89ceaef885af258e6.cloudfront.net (CloudFront) + - 1.1 5de5e66003332bec09dff893114ac06c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gQX0G6ly_df8SrH-JAnKqhFzB6sZmsq4r3h-Rd6MtjkYNdq5_2BI4g== + - FJ6aQzO1JUBfV2lV4641CEtVQ3KkzXNggsOksxoWWPTiVqyMzgULaw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - d5278b0f9e78dd60d9493264c1d92c17 + - bffc27817f7708428bb08d1e8c749e90 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -344,19 +344,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:50.383+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:59.531+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -364,14 +364,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - ef5c078c-cf13-4b26-8201-7593ddbccb77 + - 0c341820-e81f-489b-887c-dfb20f26cba8 Atl-Traceid: - - ef5c078ccf134b2682017593ddbccb77 + - 0c341820e81f489b887cdfb20f26cba8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -381,7 +381,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:51 GMT + - Sat, 24 May 2025 10:36:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -391,7 +391,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=287,atl-edge;dur=255,atl-edge-internal;dur=15,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="Exe6rwETgCtikFB5Yqp4kauWBeJ9jMFvvtP-GASRUdpLHv9IVGjGZg==",cdn-downstream-fbl;dur=292 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=268,atl-edge-internal;dur=15,atl-edge-upstream;dur=252,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="X0KiPO_levk2pNJaSzEoupoRqXqY8Bew_riD05G7RLz5XKhboHvFeQ==",cdn-downstream-fbl;dur=280 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -401,15 +401,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f9c7cdbfd821ee3522abb640c0e0a228.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Exe6rwETgCtikFB5Yqp4kauWBeJ9jMFvvtP-GASRUdpLHv9IVGjGZg== + - X0KiPO_levk2pNJaSzEoupoRqXqY8Bew_riD05G7RLz5XKhboHvFeQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - fdef4480d4f9e5086f38db2fb0607170 + - 3ca5a48a08e68783ac694fbf4badab0c X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -438,12 +438,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:51.965+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:36:00.770+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - f48decb9-b357-4d79-ab95-214e63ef80ea + - d21c2d73-5897-447b-9ad5-48fb223199bc Atl-Traceid: - - f48decb9b3574d79ab95214e63ef80ea + - d21c2d735897447b9ad548fb223199bc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -453,7 +453,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:52 GMT + - Sat, 24 May 2025 10:36:00 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -463,7 +463,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=226,atl-edge;dur=194,atl-edge-internal;dur=14,atl-edge-upstream;dur=180,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="0ptdkM5p0c_2FBF3TzECDpvq8wy2m3-MMcgOuTI_ufeohrE63mYU-A==",cdn-downstream-fbl;dur=230 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=102,atl-edge-internal;dur=16,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="8VdAxHfjOr74Y4cSCNqntwdTELnc6PIGB5iaIiizyWGkP21PWueehg==",cdn-downstream-fbl;dur=115 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -473,15 +473,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 edb5724c2fa0963fde9c6c5089b747ce.cloudfront.net (CloudFront) + - 1.1 6750d77433312fa1bf305e9ae7af80ae.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 0ptdkM5p0c_2FBF3TzECDpvq8wy2m3-MMcgOuTI_ufeohrE63mYU-A== + - 8VdAxHfjOr74Y4cSCNqntwdTELnc6PIGB5iaIiizyWGkP21PWueehg== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - c96673c154360c4b933171253e71247d + - de45bb56fa5e49c79dbb0d98854e801a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -519,9 +519,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 9edcb912-e08e-4590-a45d-2cc0c599ca70 + - f413449e-2680-4fc4-8c07-160d001e3b80 Atl-Traceid: - - 9edcb912e08e4590a45d2cc0c599ca70 + - f413449e26804fc48c07160d001e3b80 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -531,7 +531,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:52 GMT + - Sat, 24 May 2025 10:36:01 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -541,7 +541,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=304,atl-edge;dur=272,atl-edge-internal;dur=18,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="6_F75WW2HENvPPAka7_zAY0K_edEFbm1B95Ie8Yp2lEVFDFnq6Si8w==",cdn-downstream-fbl;dur=308 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=284,atl-edge;dur=277,atl-edge-internal;dur=15,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="1ROh9yY_y7421rrohv7tLKidIaRoRuB8iUsi8zWZb0ORP0pHK7xwfQ==",cdn-downstream-fbl;dur=289 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -551,18 +551,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8139bc666c011a53bdc5037ba6d5931e.cloudfront.net (CloudFront) + - 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - 6_F75WW2HENvPPAka7_zAY0K_edEFbm1B95Ie8Yp2lEVFDFnq6Si8w== + - 1ROh9yY_y7421rrohv7tLKidIaRoRuB8iUsi8zWZb0ORP0pHK7xwfQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 40fe438581a7b07a234e229a7c9f3e4f + - b033df59733ecbb93b1f167121f36af0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -575,11 +575,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap2: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/346]\n\n*Defect - Dojo link:* http://localhost:8080/finding/346 (346)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/403]\n\n*Defect + Dojo link:* http://localhost:8080/finding/403 (403)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -597,7 +597,7 @@ interactions: Connection: - keep-alive Content-Length: - - '1323' + - '1324' Content-Type: - application/json User-Agent: 
@@ -606,12 +606,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"18293","key":"NTEST-1899","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18293"}' + string: '{"id":"19722","key":"NTEST-3050","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19722"}' headers: Atl-Request-Id: - - 19a70b48-7d79-4765-b263-9d84cb9e0e09 + - e591946c-bb26-468b-a694-c6ccecd1e3db Atl-Traceid: - - 19a70b487d794765b2639d84cb9e0e09 + - e591946cbb26468ba694c6ccecd1e3db Cache-Control: - no-cache, no-store, no-transform Connection: @@ -619,7 +619,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:53 GMT + - Sat, 24 May 2025 10:36:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -629,7 +629,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=689,atl-edge;dur=656,atl-edge-internal;dur=16,atl-edge-upstream;dur=641,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="_CMYRDPQ-F5qp1g7JPrX9PxDpof2wUiReWVRi2Pyjqz9roeICww0qg==",cdn-downstream-fbl;dur=693 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=742,atl-edge;dur=734,atl-edge-internal;dur=16,atl-edge-upstream;dur=718,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="tqNMm9hxOG-a0zznTMDI8Z2mDTtUPlnZnx8M_rT8PSniH-xStqH-_Q==",cdn-downstream-fbl;dur=766 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -639,15 +639,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 98d88908b69262fc69248986276dbe36.cloudfront.net (CloudFront) + - 1.1 0e12b175c31e0e750266df78bf0e1068.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - _CMYRDPQ-F5qp1g7JPrX9PxDpof2wUiReWVRi2Pyjqz9roeICww0qg== + - tqNMm9hxOG-a0zznTMDI8Z2mDTtUPlnZnx8M_rT8PSniH-xStqH-_Q== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 9ff94d0bb2f518a7c492eec93def97a6 + - be570e2ffff77a7ccf30be769c63772b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -673,19 +673,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1899 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3050 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18293","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18293","key":"NTEST-1899","fields":{"statuscategorychangedate":"2025-04-30T18:28:53.119+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19722","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19722","key":"NTEST-3050","fields":{"statuscategorychangedate":"2025-05-24T12:36:01.925+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1899/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:52.842+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tcf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:52.908+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3050/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:36:01.560+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:01.702+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/346]\n\n*Defect - Dojo link:* http://localhost:8080/finding/346 (346)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/403]\n\n*Defect + Dojo link:* http://localhost:8080/finding/403 (403)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -693,14 +693,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1899/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18293/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3050/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19722/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - d4fbb9dd-1cf8-4fcb-835a-7b709e75292e + - 2b16e8e6-45c3-43d0-bb87-fadd5da80ccb Atl-Traceid: - - d4fbb9dd1cf84fcb835a7b709e75292e + - 2b16e8e645c343d0bb87fadd5da80ccb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -710,7 +710,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:53 GMT + - Sat, 24 May 2025 10:36:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
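Review bot: The re-recorded response body in this hunk commits the recording user's Atlassian identity to the repository: `accountId`, `emailAddress`, `displayName` and the Gravatar hash in `avatarUrls`, under both `creator` and `reporter`. The same account ID is repeated in the `X-Aaccountid` response header of the other interactions, and the hunk at `@@ -784,14 +784,14 @@` carries the same body. These fields do not look relevant to what the tests assert (inferred, the test code is not in view), so the cassette is better scrubbed at record time than edited by hand. If it is recorded with vcrpy, a `before_record_response` hook could rewrite those JSON fields and drop `X-Aaccountid`, leaving for example `"emailAddress":"jira-user@example.invalid"` (a constructed placeholder). The `string:` scalar begins before this hunk, so only part of the body is visible here.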
@@ -720,7 +720,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="bznfiE2j_EAbKUuj1FeueLG9CwDNYnD5cBrSThSB61I-wu4Sj4SvZw==",cdn-downstream-fbl;dur=293,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=55,cdn-upstream-fbl;dur=291,atl-edge;dur=217,atl-edge-internal;dur=17,atl-edge-upstream;dur=201,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=247,atl-edge;dur=239,atl-edge-internal;dur=16,atl-edge-upstream;dur=223,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="4NUWlaZDkddEuiTdkYk2ZlV7ErVRT8rf0YY_3AsiRo4HL3Bk503SGw==",cdn-downstream-fbl;dur=251 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -730,15 +730,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 dd3ca66f64c2ab5745848b5787ca747a.cloudfront.net (CloudFront) + - 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - bznfiE2j_EAbKUuj1FeueLG9CwDNYnD5cBrSThSB61I-wu4Sj4SvZw== + - 4NUWlaZDkddEuiTdkYk2ZlV7ErVRT8rf0YY_3AsiRo4HL3Bk503SGw== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 16010740c1e50149a8cac150a147a79a + - 6f3f2525de1dada6934ad7810f07249b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -764,19 +764,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18293 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19722 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18293","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18293","key":"NTEST-1899","fields":{"statuscategorychangedate":"2025-04-30T18:28:53.119+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19722","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19722","key":"NTEST-3050","fields":{"statuscategorychangedate":"2025-05-24T12:36:01.925+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1899/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:52.842+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tcf:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:52.908+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3050/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:36:01.560+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sv:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:01.702+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/346]\n\n*Defect - Dojo link:* http://localhost:8080/finding/346 (346)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap2: Cookie Without Secure Flag|http://localhost:8080/finding/403]\n\n*Defect + Dojo link:* http://localhost:8080/finding/403 (403)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -784,14 +784,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap2: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1899/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18293/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3050/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19722/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5b43e845-8a5a-45c9-8a98-4cef341953c4 + - 012e7d3c-511c-4d53-9570-be4493d103bd Atl-Traceid: - - 5b43e8458a5a45c98a984cef341953c4 + - 012e7d3c511c4d539570be4493d103bd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -801,7 +801,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:54 GMT + - Sat, 24 May 2025 10:36:02 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -811,7 +811,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="xv9P4ebBNOnI9CFbiywtqmX7CFmA2tHEbKcwdZNz2fuxWc8VCfr28g==",cdn-downstream-fbl;dur=345,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=63,cdn-upstream-fbl;dur=342,atl-edge;dur=256,atl-edge-internal;dur=14,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=217,atl-edge;dur=209,atl-edge-internal;dur=18,atl-edge-upstream;dur=192,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="WtWR_Cjsu3la03pkHaBKb_mlYlLm6P_Qvo27EF3ClLYHWj9iQg6ARQ==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -821,15 +821,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f4931915c262d78fa3e94b48faa4f55a.cloudfront.net (CloudFront) + - 1.1 5e1e1cde81deec56515dcc5317501fe8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - xv9P4ebBNOnI9CFbiywtqmX7CFmA2tHEbKcwdZNz2fuxWc8VCfr28g== + - WtWR_Cjsu3la03pkHaBKb_mlYlLm6P_Qvo27EF3ClLYHWj9iQg6ARQ== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 7cd31fe2c954deb3b7617666a80b550d + - 2c5250b01e9a6a90b8c5ebbf467e56a2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -842,14 +842,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, "url_ui": - "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/", + "http://localhost:8080/test/140", "url_api": "http://localhost:8080/api/v2/tests/140/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 128, "url_ui": "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/"}}' + 140, "url_ui": "http://localhost:8080/test/140", "url_api": "http://localhost:8080/api/v2/tests/140/"}}' headers: Accept: - application/json @@ -864,7 +864,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -878,13 +878,13 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"843\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57274\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36630\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": null, - \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/128/\\\", + \\\"url_ui\\\": \\\"http://localhost:8080/test/140\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/140/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": 
@@ -892,8 +892,8 @@ interactions: \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, \\\"test\\\": {\\\"title\\\": - null, \\\"id\\\": 128, \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/128/\\\"}}\",\n \"files\": + null, \\\"id\\\": 140, \\\"url_ui\\\": \\\"http://localhost:8080/test/140\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/140/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -903,11 +903,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 128,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n - \ \"url_ui\": \"http://localhost:8080/test/128\"\n },\n \"title\": + 140,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/140/\",\n + \ \"url_ui\": \"http://localhost:8080/test/140\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: ZAP Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n \"url_ui\": - \"http://localhost:8080/test/128\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/140/\",\n \"url_ui\": + \"http://localhost:8080/test/140\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' 
@@ -916,7 +916,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:54 GMT + - Sat, 24 May 2025 10:36:01 GMT Transfer-Encoding: - chunked status: 
@@ -925,19 +925,19 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan", "user": null, - "url_ui": "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/", + "url_ui": "http://localhost:8080/test/140", "url_api": "http://localhost:8080/api/v2/tests/140/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 128, "url_ui": "http://localhost:8080/test/128", "url_api": "http://localhost:8080/api/v2/tests/128/"}, - "finding_count": 2, "findings": {"new": [{"id": 345, "title": "Zap1: Cookie - Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/345", - "url_api": "http://localhost:8080/api/v2/findings/345/"}, {"id": 346, "title": - "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/346", - "url_api": "http://localhost:8080/api/v2/findings/346/"}], "reactivated": [], + 140, "url_ui": "http://localhost:8080/test/140", "url_api": "http://localhost:8080/api/v2/tests/140/"}, + "finding_count": 2, "findings": {"new": [{"id": 402, "title": "Zap1: Cookie + Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/402", + "url_api": "http://localhost:8080/api/v2/findings/402/"}, {"id": 403, "title": + "Zap2: Cookie Without Secure Flag", "severity": "Low", "url_ui": "http://localhost:8080/finding/403", + "url_api": "http://localhost:8080/api/v2/findings/403/"}], "reactivated": [], 
"mitigated": [], "untouched": []}}' headers: Accept: @@ -953,7 +953,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.45.3 + - DefectDojo-2.46.2 X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -967,51 +967,51 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"1315\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.45.3\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.46.2\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.9:57288\",\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.6:36632\",\n \ \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: ZAP Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/128/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/140\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/140/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 128, \\\"url_ui\\\": \\\"http://localhost:8080/test/128\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/128/\\\"}, \\\"finding_count\\\": - 2, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 345, \\\"title\\\": \\\"Zap1: + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 140, \\\"url_ui\\\": \\\"http://localhost:8080/test/140\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/140/\\\"}, \\\"finding_count\\\": + 2, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 402, \\\"title\\\": \\\"Zap1: Cookie Without Secure Flag\\\", \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/345\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/345/\\\"}, - {\\\"id\\\": 346, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", - \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/346\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/346/\\\"}], \\\"reactivated\\\": + \\\"http://localhost:8080/finding/402\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/402/\\\"}, + {\\\"id\\\": 403, \\\"title\\\": \\\"Zap2: Cookie Without Secure Flag\\\", + \\\"severity\\\": \\\"Low\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/403\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/403/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 2,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 345,\n \"severity\": \"Low\",\n \"title\": - \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/345/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/345\"\n },\n - \ {\n \"id\": 346,\n \"severity\": \"Low\",\n \"title\": - \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": 
\"http://localhost:8080/api/v2/findings/346/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/346\"\n }\n ],\n + \ \"id\": 402,\n \"severity\": \"Low\",\n \"title\": + \"Zap1: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/402/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/402\"\n },\n + \ {\n \"id\": 403,\n \"severity\": \"Low\",\n \"title\": + \"Zap2: Cookie Without Secure Flag\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/403/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/403\"\n }\n ],\n \ \"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 128,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n - \ \"url_ui\": \"http://localhost:8080/test/128\"\n },\n \"title\": + 140,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/140/\",\n + \ \"url_ui\": \"http://localhost:8080/test/140\"\n },\n \"title\": \"Created/Updated 2 findings for Security How-to: 1st Quarter Engagement: - ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/128/\",\n - \ \"url_ui\": \"http://localhost:8080/test/128\",\n \"user\": null\n + ZAP Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/140/\",\n + \ \"url_ui\": \"http://localhost:8080/test/140\",\n \"user\": null\n \ }\n}\n" headers: Access-Control-Allow-Credentials: @@ -1021,7 +1021,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Wed, 30 Apr 2025 16:28:54 GMT + - Sat, 24 May 2025 10:36:01 GMT Transfer-Encoding: - chunked status: 
@@ -1046,12 +1046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:54.710+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:36:03.025+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 5d5e3e86-e38c-495f-956c-3660ebe98aac + - e0aa87ed-3a9d-4274-9ae0-af69fe22726a Atl-Traceid: - - 5d5e3e86e38c495f956c3660ebe98aac + - e0aa87ed3a9d42749ae0af69fe22726a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1061,7 +1061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:54 GMT + - Sat, 24 May 2025 10:36:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1071,7 +1071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="gr8dq17liX3k8U5VilCOXvexAsw6cbhlOgNIv2bbsPebfoBmwGj_AA==",cdn-downstream-fbl;dur=249,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=60,cdn-upstream-fbl;dur=246,atl-edge;dur=161,atl-edge-internal;dur=15,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=111,atl-edge;dur=101,atl-edge-internal;dur=16,atl-edge-upstream;dur=87,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="JnR5sbzNnIC3_pfBL_Sp_VT92C77NDUZH11lfPDCcAb-akP5H8bvpQ==",cdn-downstream-fbl;dur=115 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1081,15 +1081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 13926aef629bc9518d9ad769185e8c4e.cloudfront.net (CloudFront) + - 1.1 e086ec27af2d3105a1a9fa7efa1be454.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - gr8dq17liX3k8U5VilCOXvexAsw6cbhlOgNIv2bbsPebfoBmwGj_AA== + - JnR5sbzNnIC3_pfBL_Sp_VT92C77NDUZH11lfPDCcAb-akP5H8bvpQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 655c566a2e9fd830438e94ccde841f90 + - dbd53bbce4c8524a716c27f294377a63 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1115,19 +1115,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The 
- Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:50.383+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":[],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:35:59.531+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1135,14 +1135,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 1711a9c8-ae3c-4bab-ba98-6b3776d8bd95 + - 18fc7cdb-3da5-4a60-9fe7-19582cfd39b7 Atl-Traceid: - - 1711a9c8ae3c4babba986b3776d8bd95 + - 18fc7cdb3da54a609fe719582cfd39b7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1152,7 +1152,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:55 GMT + - Sat, 24 May 2025 10:36:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
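Review bot: The re-recorded response body in the `@@ -1135,14 +1135,14 @@` hunk stores the recording account's `emailAddress`, `accountId` and gravatar hash in the `creator` and `reporter` objects, and the `X-Aaccountid` response header in the hunks at `@@ -821,15`, `@@ -1081,15`, `@@ -1172,15` and `@@ -1250,18` repeats the same account id. The request side looks scrubbed (the echoed `Authorization` value is `Token xxx`), but nothing visible here filters response bodies or response headers. If these cassettes are recorded with vcrpy, a `before_record_response` hook that replaces those fields with fixed placeholders would keep personal identifiers out of the repository and shrink the diff of every future re-recording. The recorder configuration is outside this hunk, so confirm whether such a hook already exists before adding one.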
@@ -1162,7 +1162,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=256,atl-edge-internal;dur=15,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="AZcKi8z5hYrdNKnj0pz87DUw9PyT9PEklSJbOtrgFIuS1Qp9TczTVg==",cdn-downstream-fbl;dur=293 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=258,atl-edge;dur=251,atl-edge-internal;dur=16,atl-edge-upstream;dur=235,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jls-0Lwevk2eMrCqqYdnmQWOa1nu-RUVmw5OOj_-qT018E9slqrXyQ==",cdn-downstream-fbl;dur=262 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1172,15 +1172,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b3ac893abff0a2c3dda216fe4cd9157a.cloudfront.net (CloudFront) + - 1.1 c337a55bb25a3540411fbbf6c8ad1b46.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - AZcKi8z5hYrdNKnj0pz87DUw9PyT9PEklSJbOtrgFIuS1Qp9TczTVg== + - jls-0Lwevk2eMrCqqYdnmQWOa1nu-RUVmw5OOj_-qT018E9slqrXyQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 4405564afc30a530a15c1b583578a5fb + - 69ebcd2e2268bda6b8e3fe70572996ef X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1218,9 +1218,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3d7ffcf9-ae8c-47e9-9cef-0ec12fffeeda + - c298472c-b2ac-45e6-bd0e-4c9c04874325 Atl-Traceid: - - 3d7ffcf9ae8c47e99cef0ec12fffeeda + - c298472cb2ac45e6bd0e4c9c04874325 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1230,7 +1230,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:55 GMT + - Sat, 24 May 2025 10:36:03 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1240,7 +1240,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="I_OoHJkbjVsGl105Rhgiyr8vzJFB1S7TaMx-urmTwbK1faHT3GAWHA==",cdn-downstream-fbl;dur=393,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=58,cdn-upstream-fbl;dur=390,atl-edge;dur=312,atl-edge-internal;dur=15,atl-edge-upstream;dur=298,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=272,atl-edge-internal;dur=13,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="SuNdoCMHXAm8a7WwFOagQy5ZRBFuYpaQloVH6YMgOWOp62dbqL5Sow==",cdn-downstream-fbl;dur=284 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1250,18 +1250,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0835ebd52ef8594cd8aa4dac9cfbd9a8.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - I_OoHJkbjVsGl105Rhgiyr8vzJFB1S7TaMx-urmTwbK1faHT3GAWHA== + - SuNdoCMHXAm8a7WwFOagQy5ZRBFuYpaQloVH6YMgOWOp62dbqL5Sow== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - fc9d6dfba576883faa613e26542abfde + - 40489a53d5efbf521227d807a8775bf0 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1274,11 +1274,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1296,21 +1296,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1336' + - '1337' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: string: '' headers: Atl-Request-Id: - - 8cbfdc5d-2e72-455b-b242-9bacd9b824a5 + - de8e59a7-1e1f-4b63-99c8-a1db96e08f3f Atl-Traceid: - - 8cbfdc5d2e72455bb2429bacd9b824a5 + - de8e59a71e1f4b6399c8a1db96e08f3f Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1318,7 +1318,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:56 GMT + - Sat, 24 May 2025 10:36:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1328,7 +1328,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=700,atl-edge;dur=667,atl-edge-internal;dur=15,atl-edge-upstream;dur=653,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="tBDn-lTEar6M-2MPcdHGLGfg6MFucUAr6gXF5B1qL0UPdktJg1aAWg==",cdn-downstream-fbl;dur=706 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=630,atl-edge;dur=620,atl-edge-internal;dur=19,atl-edge-upstream;dur=602,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6MW7JnbF_wTH-j0Jr1e7Q4NiHviQ6wvOLn12hnv__zrfk93NvEYrtQ==",cdn-downstream-fbl;dur=635 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1336,15 +1336,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c31337642f54c5bd34bb485701d02e8a.cloudfront.net (CloudFront) + - 1.1 ca1ae3b3ff3d7a9e41b26e307972401e.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - tBDn-lTEar6M-2MPcdHGLGfg6MFucUAr6gXF5B1qL0UPdktJg1aAWg== + - 6MW7JnbF_wTH-j0Jr1e7Q4NiHviQ6wvOLn12hnv__zrfk93NvEYrtQ== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 297dcf1a95dadf5bd671adc36e67b357 + - fa4873a2a839d2ad2508c81001c10215 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1370,19 +1370,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:56.277+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:04.230+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1390,14 +1390,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 3a578414-e0df-4a52-b07b-e5f6b991a6ae + - e5d37e24-872d-4de9-8393-a6d7a31b270a Atl-Traceid: - - 3a578414e0df4a52b07be5f6b991a6ae + - e5d37e24872d4de98393a6d7a31b270a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1407,7 +1407,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:56 GMT + - Sat, 24 May 2025 10:36:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1417,7 +1417,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="lpoTTJ2Gqe-PjyOKOh4unTGAWtjICQmOUY-JLYe4crCLLcacZ2VDYw==",cdn-downstream-fbl;dur=346,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=65,cdn-upstream-fbl;dur=343,atl-edge;dur=259,atl-edge-internal;dur=16,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=189,atl-edge-internal;dur=14,atl-edge-upstream;dur=175,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="p7yNKsW1_JX3AX4fFSAyIQFEI6wfti3stJakY6Dw2LTmi_M4FLgPeA==",cdn-downstream-fbl;dur=201 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1427,15 +1427,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a9a3eef6ee6df44793fb3d5e366a7238.cloudfront.net (CloudFront) + - 1.1 74511018c757716e70d811d8214e45e0.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - lpoTTJ2Gqe-PjyOKOh4unTGAWtjICQmOUY-JLYe4crCLLcacZ2VDYw== + - p7yNKsW1_JX3AX4fFSAyIQFEI6wfti3stJakY6Dw2LTmi_M4FLgPeA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - c1b3476854148b2e46c0cfa47e1f42ca + - 9c3029fe8449cce49129ae69dabf3464 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1464,12 +1464,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:57.412+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:36:04.934+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 8d44063f-23d6-4b06-9ad2-29d2f1ef8be1 + - f3f5bf01-08fa-4d41-a260-7c0e53d95a42 Atl-Traceid: - - 8d44063f23d64b069ad229d2f1ef8be1 + - f3f5bf0108fa4d41a2607c0e53d95a42 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1479,7 +1479,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:57 GMT + - Sat, 24 May 2025 10:36:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1489,7 +1489,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="boltMrFqw6_F6ykVAQCSEfa2tFLTu4b7kX2Yx_DtimUM6SNDvVsMrw==",cdn-downstream-fbl;dur=249,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=241,atl-edge;dur=165,atl-edge-internal;dur=15,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=110,atl-edge;dur=102,atl-edge-internal;dur=14,atl-edge-upstream;dur=88,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="zCKuyS415FbcmOtrRo75PrWIGbVoir_fijDPK5rUeeVTrHYKWHXidA==",cdn-downstream-fbl;dur=113 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1499,15 +1499,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5a3010bd9376613ba1249daca87b27a2.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - boltMrFqw6_F6ykVAQCSEfa2tFLTu4b7kX2Yx_DtimUM6SNDvVsMrw== + - zCKuyS415FbcmOtrRo75PrWIGbVoir_fijDPK5rUeeVTrHYKWHXidA== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - de50d9735dddad5eb34ca9a1ab6b4f61 + - 4dcd300386214b57dedb9f34a35ead4b X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1533,19 +1533,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:56.277+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:04.230+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1553,14 +1553,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 0cc13a8a-f808-435e-a0ca-7d38066a4d0b + - 06199cdd-0c59-47e6-a518-7c9469c24c57 Atl-Traceid: - - 0cc13a8af808435ea0ca7d38066a4d0b + - 06199cdd0c5947e6a5187c9469c24c57 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1570,7 +1570,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:57 GMT + - Sat, 24 May 2025 10:36:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
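Review bot: The re-recorded response body in the `@@ -1553,14 +1553,14 @@` hunk commits a real person's `emailAddress`, `displayName` and Atlassian `accountId` (inside the `creator` and `reporter` objects) to the repository. The same values recur in the `@@ -1716,14 +1716,14 @@` hunk and in the `X-Aaccountid` response header of the neighbouring hunks. The removed side carried the same fields for a different account, so the re-recording replaces one exposed identity with another instead of removing the exposure. The cassette looks like a vcrpy recording; if it is, a `before_record_response` hook that overwrites those three JSON fields with fixed placeholder values and drops `X-Aaccountid` would keep the fixture replayable without publishing account identifiers. The recorder configuration is not visible here, so check whether the tests assert on any of these fields before scrubbing them.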
@@ -1580,7 +1580,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="U9zwB_W6TivEc4e7UmyTJQokLT4YnN8Etk2qiVm7mjdvF6TDDix-eA==",cdn-downstream-fbl;dur=344,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=66,cdn-upstream-fbl;dur=341,atl-edge;dur=251,atl-edge-internal;dur=18,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-east-1" + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jVvtWlXwrEsJe2E6Hs4583E4JDFjbD8Hjz24BkzPOaEOu9w5LqZ0vQ==",cdn-downstream-fbl;dur=264,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=19,cdn-upstream-fbl;dur=261,atl-edge;dur=233,atl-edge-internal;dur=16,atl-edge-upstream;dur=217,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1590,15 +1590,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3699bc5ea5aacbe1d32ebe3e874f0c68.cloudfront.net (CloudFront) + - 1.1 00f66bc6263192200d1a0cdb83e969f8.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - U9zwB_W6TivEc4e7UmyTJQokLT4YnN8Etk2qiVm7mjdvF6TDDix-eA== + - jVvtWlXwrEsJe2E6Hs4583E4JDFjbD8Hjz24BkzPOaEOu9w5LqZ0vQ== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 4151ce2365ca08b2be05c20ba539501f + - a7bc62bcb8560e0abe6409a4841a0b59 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1627,12 +1627,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:28:58.315+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:36:05.558+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 79387217-fbe9-40f7-a30d-b016c1f267f0 + - faf48273-3d1c-47b2-8db2-a99a3711f5b7 Atl-Traceid: - - 79387217fbe940f7a30db016c1f267f0 + - faf482733d1c47b28db2a99a3711f5b7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1642,7 +1642,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:58 GMT + - Sat, 24 May 2025 10:36:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1652,7 +1652,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=167,atl-edge-internal;dur=19,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="mZn6WeKaeIa09nAgHdMxhWaxE5mnLYDKk-q5hAQp2-ZHkzpaxEh8Yw==",cdn-downstream-fbl;dur=205 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=115,atl-edge;dur=107,atl-edge-internal;dur=16,atl-edge-upstream;dur=92,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="6n5hjtWx0wuobR6D1XQ12WQt2pTfg33AW_jiUQBpXX0YvmqQzU7dUw==",cdn-downstream-fbl;dur=120 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1662,15 +1662,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1918cab433d8a05c792c3cff85897f3c.cloudfront.net (CloudFront) + - 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - mZn6WeKaeIa09nAgHdMxhWaxE5mnLYDKk-q5hAQp2-ZHkzpaxEh8Yw== + - 6n5hjtWx0wuobR6D1XQ12WQt2pTfg33AW_jiUQBpXX0YvmqQzU7dUw== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 7c118b47c71f58ce6ae266def87e00fe + - e31d466610c880224865d75367e7248a X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1696,19 +1696,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:28:56.277+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:04.230+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1716,14 +1716,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - 5d76eea8-bad3-4227-a0b5-dd5d1d0ce69c + - 07344177-706b-4e8d-bd3e-debf7c46ad43 Atl-Traceid: - - 5d76eea8bad34227a0b5dd5d1d0ce69c + - 07344177706b4e8dbd3edebf7c46ad43 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1733,7 +1733,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:58 GMT + - Sat, 24 May 2025 10:36:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1743,7 +1743,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="nEkUZGs63fP425tm9sT7TwNwE879ur-A8VXfcz0JveV4mXPE1EaTUQ==",cdn-downstream-fbl;dur=369,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=64,cdn-upstream-fbl;dur=365,atl-edge;dur=278,atl-edge-internal;dur=20,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=219,atl-edge;dur=211,atl-edge-internal;dur=18,atl-edge-upstream;dur=194,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="GEci6aCNwWG9gXkm0nzm9xtpNjK3s0Vd78TVhzj_N7Z0rtGEnrwq1w==",cdn-downstream-fbl;dur=223 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1753,15 +1753,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5b8f26c7595104a396342213c43d8b98.cloudfront.net (CloudFront) + - 1.1 19f569e782b5b925c41d8bc4e292cc7a.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - nEkUZGs63fP425tm9sT7TwNwE879ur-A8VXfcz0JveV4mXPE1EaTUQ== + - GEci6aCNwWG9gXkm0nzm9xtpNjK3s0Vd78TVhzj_N7Z0rtGEnrwq1w== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - fb121bfca2e81745d5f45f5508f5141a + - 11b63e173aa1ca04ab10e32c458e1dc2 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1799,9 +1799,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 858e8346-50e8-4703-a98f-c7c99136fd86 + - d7300d8e-3b65-4648-8be3-ddabe66d6454 Atl-Traceid: - - 858e834650e84703a98fc7c99136fd86 + - d7300d8e3b6546488be3ddabe66d6454 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1811,7 +1811,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:28:59 GMT + - Sat, 24 May 2025 10:36:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1821,7 +1821,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="sfB47UNycbCJF_SKSgn-p9fRsGwreqlkLrKyU_AvM3lhZ9W13C3cfg==",cdn-downstream-fbl;dur=408,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=62,cdn-upstream-fbl;dur=406,atl-edge;dur=322,atl-edge-internal;dur=19,atl-edge-upstream;dur=303,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=255,atl-edge;dur=246,atl-edge-internal;dur=17,atl-edge-upstream;dur=229,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="k1JJYS-uU5nxoWLkXy3pEUUKklwNQ2RuQrYIRNi6xpiLSA7uGhDqcg==",cdn-downstream-fbl;dur=259 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1831,18 +1831,18 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8f3e5b5af450fbcfb7e821f6aa6b3d76.cloudfront.net (CloudFront) + - 1.1 29d6db1b5ecb170f22487453430df556.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - sfB47UNycbCJF_SKSgn-p9fRsGwreqlkLrKyU_AvM3lhZ9W13C3cfg== + - k1JJYS-uU5nxoWLkXy3pEUUKklwNQ2RuQrYIRNi6xpiLSA7uGhDqcg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 31e3bad0a1b71f6500bd839b98b0082d + - 7bc11f07d97805047bcf5cecc2e660a6 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1855,11 +1855,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Zap1: Cookie Without Secure Flag", "description": "\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie @@ -1878,21 +1878,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1368' + - '1369' Content-Type: - application/json User-Agent: - python-requests/2.32.3 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: string: '' headers: Atl-Request-Id: - - 107ad6c8-57a2-4a8e-9ed4-3d22177fb852 + - a3c200c5-234a-45a2-8756-6ec16a4d16eb Atl-Traceid: - - 107ad6c857a24a8e9ed43d22177fb852 + - a3c200c5234a45a287566ec16a4d16eb Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -1900,7 +1900,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:29:00 GMT + - Sat, 24 May 2025 10:36:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1910,7 +1910,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=595,atl-edge;dur=561,atl-edge-internal;dur=17,atl-edge-upstream;dur=543,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="ip2N5sqRxrpV-3-s2PkvOlcPtFLI6OpiLy05u8mJytKXIqgW306gWw==",cdn-downstream-fbl;dur=599 + - cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="h0r5zJgRFfn8fLzBcEz-8Z6HHk6rct6lfpZizQ4gfJlR7KKyYrAh_g==",cdn-downstream-fbl;dur=493,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=488,atl-edge;dur=458,atl-edge-internal;dur=16,atl-edge-upstream;dur=442,atl-edge-pop;desc="aws-eu-central-1" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1918,15 +1918,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7697b9c4955dc41900ab918dddd33e0.cloudfront.net (CloudFront) + - 1.1 18c617ef1621da46798c2b8cbc1c808c.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - ip2N5sqRxrpV-3-s2PkvOlcPtFLI6OpiLy05u8mJytKXIqgW306gWw== + - h0r5zJgRFfn8fLzBcEz-8Z6HHk6rct6lfpZizQ4gfJlR7KKyYrAh_g== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 5cc5839cc7a527257deefb84300703a4 + - 25d87a9219808290dd16c4630cf70441 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1952,19 +1952,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2","tag3","tag4"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:29:00.016+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2","tag3","tag4"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:06.558+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -1972,14 +1972,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - a7408a79-66cd-4613-8cd3-359621f5ef6b + - 970b9331-d2d6-4fa3-b19d-539262a35b32 Atl-Traceid: - - a7408a7966cd46138cd3359621f5ef6b + - 970b9331d2d64fa3b19d539262a35b32 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1989,7 +1989,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:29:00 GMT + - Sat, 24 May 2025 10:36:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
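Review bot: The re-recorded response body in the `@@ -1972,14 +1972,14 @@` hunk commits the recording user's real Atlassian `accountId`, `emailAddress`, `displayName` and gravatar hash in the `creator` and `reporter` objects. The same values recur in the `@@ -2135,14 +2135,14 @@` hunk and in the `X-Aaccountid` response header of the surrounding interactions. This looks like a vcrpy cassette (inferred from the `interactions:` / `request:` / `response:` layout), so the values are better scrubbed at record time than by hand, for example with a `before_record_response` hook that rewrites those user fields to a constructed placeholder such as `"emailAddress":"user@example.com"` and blanks `X-Aaccountid`. The request header blocks are only partly visible in these hunks, so it is worth confirming that `Authorization` and `Cookie` are already covered by `filter_headers`. The fixture file's header and the start of the recorded interaction lie outside this part of the diff.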
@@ -1999,7 +1999,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=295,atl-edge;dur=262,atl-edge-internal;dur=14,atl-edge-upstream;dur=248,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="DFW57-P1",cdn-rid;desc="oteCz7vKMCDJ7l25IeyPxgShC27n4LzMwuHzIiYuGY-neGV4NJSf2w==",cdn-downstream-fbl;dur=299 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=237,atl-edge;dur=229,atl-edge-internal;dur=16,atl-edge-upstream;dur=213,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="ho9zUS4KxGmWTGK_SUG8GXWSAYGWOPrml-5AAO-Qsi13nQhlXCIqJA==",cdn-downstream-fbl;dur=240 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2009,15 +2009,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 223f95455b0bb3057583bfe63e0d5c7a.cloudfront.net (CloudFront) + - 1.1 e4bbc916b7f96771ed58c0d668318acc.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - oteCz7vKMCDJ7l25IeyPxgShC27n4LzMwuHzIiYuGY-neGV4NJSf2w== + - ho9zUS4KxGmWTGK_SUG8GXWSAYGWOPrml-5AAO-Qsi13nQhlXCIqJA== X-Amz-Cf-Pop: - - DFW57-P1 + - AMS1-P1 X-Arequestid: - - 8bd987459c28bddb4cdf93d555e95d6a + - 5920afe34bcad294fefd8612fc9cfe92 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2046,12 +2046,12 @@ interactions: uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-04-29T22:58:24.000+0200","serverTime":"2025-04-30T18:29:01.059+0200","scmInfo":"0bc1b6ccc33af448636c49e0141bd2e25a26f3ec","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100283,"buildDate":"2025-05-22T15:20:46.000+0200","serverTime":"2025-05-24T12:36:07.306+0200","scmInfo":"09e6132c00c64e0fa0d67a2cb4c3c6fb8573a034","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - fa0a704c-e173-48d4-8022-26c7ce7046a9 + - 9f038a7a-5d89-4aaa-bf60-4f6a5401b08e Atl-Traceid: - - fa0a704ce17348d4802226c7ce7046a9 + - 9f038a7a5d894aaabf604f6a5401b08e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2061,7 +2061,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:29:01 GMT + - Sat, 24 May 2025 10:36:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2071,7 +2071,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="ORD56-P1",cdn-rid;desc="Qfa0hs5vepFX9o8yfTAAAWJPX_bmvOc5gWOtGiVkt_7DpEwYKOZPcA==",cdn-downstream-fbl;dur=241,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=57,cdn-upstream-fbl;dur=239,atl-edge;dur=162,atl-edge-internal;dur=14,atl-edge-upstream;dur=149,atl-edge-pop;desc="aws-us-east-1" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=119,atl-edge;dur=111,atl-edge-internal;dur=16,atl-edge-upstream;dur=95,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="jOhJJ6RlZuM9HoP9Abs4L9HPh4JirkflfbB4OLdMeN36G_zi5t66tg==",cdn-downstream-fbl;dur=123 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2081,15 +2081,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7b64a70fe0edcfd6cd8e281be975ea8a.cloudfront.net (CloudFront) + - 1.1 f89ae7540cfd7be6febf2f3e1ef03e18.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - Qfa0hs5vepFX9o8yfTAAAWJPX_bmvOc5gWOtGiVkt_7DpEwYKOZPcA== + - jOhJJ6RlZuM9HoP9Abs4L9HPh4JirkflfbB4OLdMeN36G_zi5t66tg== X-Amz-Cf-Pop: - - ORD56-P1 + - AMS1-P1 X-Arequestid: - - 97357c05a4b58f731936fb0076531214 + - bd4b7b7bb396351b2f9b2e15ada65f13 X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2115,19 +2115,19 @@ interactions: User-Agent: - python-requests/2.32.3 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/18291 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/19721 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"18291","self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291","key":"NTEST-1898","fields":{"statuscategorychangedate":"2025-04-30T18:28:50.547+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"19721","self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721","key":"NTEST-3049","fields":{"statuscategorychangedate":"2025-05-24T12:35:59.758+0200","issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"customfield_10031":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10032":null,"customfield_10033":null,"fixVersions":[],"aggregatetimespent":null,"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-04-30T18:28:50.307+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2","tag3","tag4"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The - Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i00tc7:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-04-30T18:29:00.016+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"customfield_10035":null,"resolution":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/watchers","watchCount":1,"isWatching":true},"lastViewed":null,"created":"2025-05-24T12:35:59.444+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low.svg","name":"Low","id":"4"},"labels":["tag1","tag2","tag3","tag4"],"customfield_10016":null,"customfield_10017":null,"customfield_10018":{"hasEpicLinkFieldDependency":false,"showField":false,"nonEditableReason":{"reason":"PLUGIN_LICENSE_ERROR","message":"The + Parent Link is only available to Jira Premium users."}},"customfield_10019":"0|i010sn:","timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"updated":"2025-05-24T12:36:06.558+0200","status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"timeoriginalestimate":null,"customfield_10053":null,"description":"\n\n\n\n\n\n*Title*: - [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/345]\n\n*Defect - Dojo link:* http://localhost:8080/finding/345 (345)\n\n*Severity:* Low\n\n\n*Due - Date:* Aug. 
28, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* + [Zap1: Cookie Without Secure Flag|http://localhost:8080/finding/402]\n\n*Defect + Dojo link:* http://localhost:8080/finding/402 (402)\n\n*Severity:* Low\n\n\n*Due + Date:* Sept. 21, 2025\n\n\n\n*CWE:* [CWE-614|https://cwe.mitre.org/data/definitions/614.html]\n\n\n\n*CVE:* Unknown\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/128]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* + / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [ZAP Scan|http://localhost:8080/test/140]\n\n\n\n\n\n\n\n\n*Systems/Endpoints*:\n\n* https://mainsite.com/dashboard\n* https://mainsite.com\n\n\n\n\n\n\n\n*Description*:\nA cookie has been set without the secure flag, which means that the cookie can\nbe accessed via unencrypted connections.\n\n\n\n\n*Mitigation*:\nWhenever a cookie 
@@ -2135,14 +2135,14 @@ interactions: be passed using an encrypted channel. Ensure that the secure\nflag is set for cookies containing such sensitive information.\n\n\n\n\n\n*Impact*:\nNone\n\n\n\n\n\n*References*:\nhttp://www.owasp.org/index.php/Testing_for_cookies_attributes_(OWASP-SM-002)\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10055":null,"customfield_10056":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10049":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"aggregatetimeestimate":null,"summary":"Zap1: - Cookie Without Secure Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody - Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1898/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/18291/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' + Cookie Without Secure 
Flag","creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327b
ad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn + Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10001":null,"customfield_10046":null,"customfield_10002":[],"customfield_10003":null,"customfield_10047":null,"customfield_10004":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"environment":null,"duedate":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3049/votes","votes":0,"hasVoted":false},"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/19721/comment","maxResults":0,"total":0,"startAt":0},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]}}}' headers: Atl-Request-Id: - - de6bfce1-0fe6-4b4e-98ca-c5361642cd69 + - e47931ac-14b6-4840-aa2e-8caa4d6bc2e3 Atl-Traceid: - - de6bfce10fe64b4e98cac5361642cd69 + - e47931ac14b64840aa2e8caa4d6bc2e3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2152,7 +2152,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Wed, 30 Apr 2025 16:29:01 GMT + - Sat, 24 May 2025 10:36:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2162,7 +2162,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=445,atl-edge;dur=359,atl-edge-internal;dur=16,atl-edge-upstream;dur=343,atl-edge-pop;desc="aws-us-east-1",cdn-cache-miss,cdn-pop;desc="ORD58-P1",cdn-rid;desc="vwXJeG_2e-9tj9QurSF7LWDmd-_g05YKsT-4awjxu0V9_oHRSJyuLg==",cdn-downstream-fbl;dur=450 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=263,atl-edge;dur=255,atl-edge-internal;dur=16,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-eu-central-1",cdn-cache-miss,cdn-pop;desc="AMS1-P1",cdn-rid;desc="A0qPSIvTHdCYBRlMETMiZNFhqhmpbU8MIHimxyHGgtsnUB6G5NRivw==",cdn-downstream-fbl;dur=267 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2172,15 +2172,15 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c8780798b589dc6b55523ca0a9bc3c02.cloudfront.net (CloudFront) + - 1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront) X-Aaccountid: - - 5d3878b170e3c90c952f91f6 + - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 X-Amz-Cf-Id: - - vwXJeG_2e-9tj9QurSF7LWDmd-_g05YKsT-4awjxu0V9_oHRSJyuLg== + - A0qPSIvTHdCYBRlMETMiZNFhqhmpbU8MIHimxyHGgtsnUB6G5NRivw== X-Amz-Cf-Pop: - - ORD58-P1 + - AMS1-P1 X-Arequestid: - - 436a2b899fc1478df1686158d488f7c4 + - ce85e77e52bd2a189a9c4017aaef2a21 X-Cache: - Miss from cloudfront X-Content-Type-Options: