All findings (15)
Severity-sorted. Click any row for full detail, reproduction steps, and remediation.
Critical · 1
High · 3
Medium · 5
Low · 3
Info · 3
ID
Severity
CVSS
Title
Asset
CRZ-006
critical
9.8
Jira Server 7.12.3 (2018 EOL) — multiple unauth RCE CVEs
jira.corezoid.com
CRZ-002
high
8.2
Public Kubernetes API server (EKS pre-prod)
track.pre.corezoid.com
CRZ-007
high
8.1
OpenSSH 8.7 public — vulnerable to regreSSHion (CVE-2024-6387)
corezoid-ma.dev.corezoid.com:22
CRZ-009
high
9.3
41+ secrets in public GitHub repos (AWS key, admin tokens, TLS keys)
corezoid/helm + corezoid_ansible_roles
CRZ-008
medium
4.2
Auth cookie without SameSite; GET endpoints accept mw alone
admin.corezoid.com
CRZ-010
medium
—
Systemic Kubernetes hardening gaps (377 Checkov failures)
corezoid/helm charts
CRZ-011
medium
3.7
Weak TLS (TLSv1.1, 3DES Sweet32, non-PFS ciphers)
vpn.corezoid.com
CRZ-012
medium
3.9
Corezoid public API uses SHA-1 (non-HMAC) for request signing
api.corezoid.com + all /api/2/*
CRZ-015
medium
4.3
Widget shim postMessage origin bypass via user-controlled appName
widget.simulator.company/shim.js
CRZ-001
low
5.3
RFC1918 internal IPs in public DNS
admin-pre.corezoid.com
CRZ-003
low
5.3
Default nginx welcome page on production ALB
widget.simulator.company
CRZ-013
low
4.8
Destructive workflow CRUD ops without confirmation/audit/MFA
admin.corezoid.com/api/2/json
CRZ-004
info
5.3
Prod docs hosted as publicly-shareable Google Doc
doc.corezoid.com
CRZ-005
info
—
OpenVPN-AS version fingerprint
vpn.corezoid.com
CRZ-014
info
—
Super-user grants cross-tenant workspace CRUD (authz granularity)
admin.corezoid.com/api/2/json