Wikimedia Security Team/AppSec Clinic Minutes/2022-06-13

Date: 2022-06-13

Attending: MMartorana_(WMF), MStyles_(WMF), SBassett_(WMF)

MMartorana_(WMF)
1. T307278 - Patch still in progress
2. T308583 - Triaged, moved to secteam Watching, done.
3. T309411 - Urbanecm wrote/deployed config patch, done.
4. T309894 - Tag MW-Core, core platform, determine ownership.
MStyles_(WMF)
1. T306514 - Still in-progress
2. T308473 - Reached out to Daimona regarding a patch
3. T309255 - Recommended retire affected extension, under further review
4. T290313 - Deemed low risk
5. T309943 - Zabe added, tag Traffic/Brandon, see who can look at remaining items
Reedy_(WMF)
1. T306516 - No update at this time
2. T306211 - No update at this time
3. T309703 - Assigned for further review and triage
SBassett_(WMF)
1. T308471 - Patch written and posted, just push through gerrit
2. T308861 - Patch written and posted, try to get CR then deploy
3. T309078 - Possibly triage more and add teams/owners?

Processed a bunch of low risk tools XSS (see SBassett_(WMF) for more details)
T310023 - Assigned to MMartorana_(WMF) for triage
T310069 - Assigned to MStyles_(WMF) for triage
T310098 - Assigned to SBassett_(WMF) for triage
1. Resolved for now, suggested making public in a week.
T310304 - Assigned to MMartorana_(WMF) for triage
T310393 - Assigned to Reedy_(WMF) to triage
T310312 - Assigned to SBassett_(WMF) to verify and complete
T310314 - Assigned to SBassett_(WMF) to verify and complete