{"uuid": "6c7da54b-4a89-4c3b-b82b-0ef409654cab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-14847", "type": "seen", "source": "https://gist.github.com/ef-edulog/0bee69846618d0a876540d4100e03ccc", "content": "\n\n\n\n\nJira Report \u2014 DO / IM / S2\n\n :root {\n --bg: #fff; --bg2: #f5f4ef; --bg3: #ebebeb;\n --tx: #1a1a1a; --tx2: #666660; --tx3: #999994;\n --info: #185FA5; --bdr: rgba(0,0,0,0.12); --bdr2: rgba(0,0,0,0.22);\n --r: 8px; --rl: 12px;\n --font: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;\n --mono: 'SF Mono','Fira Code',monospace;\n }\n @media(prefers-color-scheme:dark){\n :root{--bg:#1e1e1c;--bg2:#2a2a28;--bg3:#333330;--tx:#f0efe8;--tx2:#a8a79f;--tx3:#6e6e68;--info:#85B7EB;--bdr:rgba(255,255,255,0.1);--bdr2:rgba(255,255,255,0.18)}\n }\n *{box-sizing:border-box;margin:0;padding:0}\n body{font-family:var(--font);background:var(--bg);color:var(--tx);padding:24px;max-width:1300px;margin:0 auto}\n h1{font-size:18px;font-weight:500;margin-bottom:4px}\n .sub{font-size:12px;color:var(--tx2);margin-bottom:20px}\n .tabs{display:flex;gap:6px;margin-bottom:1.25rem;flex-wrap:wrap}\n .tab{padding:5px 13px;border:0.5px solid var(--bdr2);border-radius:var(--r);font-size:13px;cursor:pointer;background:var(--bg);color:var(--tx2)}\n .tab.active{background:var(--bg2);color:var(--tx);font-weight:500}\n .tab:hover:not(.active){background:var(--bg2)}\n .legend{display:flex;gap:14px;flex-wrap:wrap;margin-bottom:1rem;font-size:11px;color:var(--tx2);align-items:center}\n .li{display:flex;align-items:center;gap:4px}\n .ld{width:9px;height:9px;border-radius:2px}\n .summary-grid{display:grid;grid-template-columns:repeat(3,minmax(0,1fr));gap:8px;margin-bottom:1.25rem}\n .metric{background:var(--bg2);border-radius:var(--r);padding:10px 12px}\n .ml{font-size:11px;color:var(--tx2);margin-bottom:3px}\n .mv{font-size:20px;font-weight:500}\n .project-block{margin-bottom:1.1rem;border:0.5px solid var(--bdr);border-radius:var(--rl);overflow:hidden}\n .ph{padding:9px 14px;border-bottom:0.5px solid var(--bdr);display:flex;align-items:center;justify-content:space-between}\n .pn{font-size:13px;font-weight:500}\n .pm{font-size:11px;color:var(--tx2)}\n .th{padding:5px 14px;font-size:11px;font-weight:500;color:var(--tx2);background:var(--bg2);display:flex;align-items:center;gap:6px;border-top:0.5px solid var(--bdr)}\n .tc{background:var(--bg3);color:var(--tx2);padding:1px 6px;border-radius:var(--r);font-size:10px}\n .cols{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:4px 14px;font-size:10px;color:var(--tx3);background:var(--bg2);border-top:0.5px solid var(--bdr)}\n .ir{display:grid;grid-template-columns:80px 1fr 86px 82px 82px 80px 98px;gap:4px;padding:6px 14px;align-items:start;border-top:0.5px solid var(--bdr);font-size:11px}\n .ir.stale{background:rgba(250,238,218,0.3)}\n .ir.highest{background:rgba(252,235,235,0.35)}\n .ir.overdue{background:rgba(252,235,235,0.45)}\n .ir.stale.highest,.ir.stale.overdue{background:rgba(250,220,200,0.45)}\n @media(prefers-color-scheme:dark){\n .ir.stale{background:rgba(99,56,6,0.2)}.ir.highest{background:rgba(121,31,31,0.2)}\n .ir.overdue{background:rgba(121,31,31,0.3)}.ir.stale.highest,.ir.stale.overdue{background:rgba(110,40,6,0.28)}\n }\n .ik{color:var(--info);font-size:10px;font-family:var(--mono);white-space:nowrap;text-decoration:none}\n .ik:hover{text-decoration:underline}\n .is{color:var(--tx);line-height:1.4;overflow:hidden;display:-webkit-box;-webkit-line-clamp:2;-webkit-box-orient:vertical}\n .ia{color:var(--tx2);font-size:10px;overflow:hidden;text-overflow:ellipsis;white-space:nowrap}\n .dt{font-size:10px;white-space:nowrap}\n .upd-ok{color:var(--tx2)}.upd-stale{color:#BA7517;font-weight:500}\n .due-ok{color:var(--tx2)}.due-over{color:#A32D2D;font-weight:500}\n .cr{color:var(--tx2)}\n @media(prefers-color-scheme:dark){.upd-stale{color:#FAC775}.due-over{color:#F7C1C1}}\n .dot-h{display:inline-block;width:5px;height:5px;border-radius:50%;background:#E24B4A;margin-right:2px;vertical-align:middle}\n .dot-s{display:inline-block;width:5px;height:5px;border-radius:50%;background:#EF9F27;margin-right:2px;vertical-align:middle}\n .dot-d{display:inline-block;width:5px;height:5px;border-radius:50%;background:#D85A30;margin-right:2px;vertical-align:middle}\n .sb{font-size:10px;padding:2px 6px;border-radius:var(--r);text-align:center;white-space:nowrap}\n .s-ip{background:#FAEEDA;color:#854F0B}.s-td{background:#E1F5EE;color:#0F6E56}\n .s-oi{background:#FCEBEB;color:#A32D2D}.s-xx{background:var(--bg2);color:var(--tx2)}\n @media(prefers-color-scheme:dark){\n .s-ip{background:#633806;color:#FAC775}.s-td{background:#085041;color:#9FE1CB}.s-oi{background:#791F1F;color:#F7C1C1}\n }\n .empty{padding:16px;text-align:center;color:var(--tx3);font-size:12px}\n .footer{font-size:11px;color:var(--tx3);margin-top:24px}\n\n\n\n\nJira Active Issues Report \u2014 DO / IM / S2\n\nGenerated June 19, 2026 at 09:58 AM  \u00b7  Excludes Done, Fixed, Canceled, Deferred  \u00b7  https://karrostech.atlassian.net\n\nLast 24 hrs24\u201348 hrs ago2\u20137 days agoOlder than 7 days\n\n\n Highest priority\n Stale \u22655 business days\n Due date missed\n\n\n\n\n\nDO \u2014 Edulog DevOps\n1\n\nIM \u2014 Incident Management\n1\n\nS2 \u2014 Soc-2 & Security\n0\n \n\n \n\n DO \u2014 Edulog DevOps\n 1 active issue\n \n \n\n KeySummaryAssignee\n CreatedLast updatedDue dateStatus\n \nStory 1\n \n\n DO-2380\n Aldine, TX - Please run Talend script\n Amy Madzelonka\n Jun 18, '26\n Jun 18, '26\n \u2014\n Verification\n \n \n\n \n\n IM \u2014 Incident Management\n 1 active issue\n \n \n\n KeySummaryAssignee\n CreatedLast updatedDue dateStatus\n \nStory 1\n \n\n IM-7662\n Shared School Services, ON - Parent Portal Auto Follow Feature No Longer Working\n Boluwatife Olaifa\n Jun 18, '26\n Jun 18, '26\n \u2014\n WORK IN PROGRESS\n \n\n\n\nDO \u2014 Edulog DevOps\n0\n\nIM \u2014 Incident Management\n0\n\nS2 \u2014 Soc-2 & Security\n0\n\n\n\nDO \u2014 Edulog DevOps\n4\n\nIM \u2014 Incident Management\n1\n\nS2 \u2014 Soc-2 & Security\n0\n \n\n \n\n DO \u2014 Edulog DevOps\n 4 active issues\n \n \n\n KeySummaryAssignee\n CreatedLast updatedDue dateStatus\n \nTask 4\n \n\n DO-2371\n Duval, FL - Please update ASDI for fall data\n Cory Emlen\n Jun 16, '26\n Jun 16, '26\n \u2014\n Backlog\n \n \n\n DO-2364\n Shared School Services - Set up GTS integration\n Chukwuemeka Chukwurah\n Jun 16, '26\n Jun 16, '26\n Jun 18, '26\n Backlog\n \n \n\n DO-2351\n Superior, WI - Please Deploy Web Query\n JD Holwick\n Jun 12, '26\n Jun 15, '26\n \u2014\n Backlog\n \n \n\n DO-2349\n Princeton, NJ - Setup ASDI in Plan\n Cory Emlen\n Jun 12, '26\n Jun 15, '26\n \u2014\n IN PROGRESS\n \n \n\n \n\n IM \u2014 Incident Management\n 1 active issue\n \n \n\n KeySummaryAssignee\n CreatedLast updatedDue dateStatus\n \nStory 1\n \n\n IM-7654\n Telematics is broken for multiple clients\n Mide Dickson\n Jun 12, '26\n Jun 12, '26 (5d)\n \u2014\n WORK IN PROGRESS\n \n\n\n\nDO \u2014 Edulog DevOps\n37\n\nIM \u2014 Incident Management\n13\n\nS2 \u2014 Soc-2 & Security\n0\n \n\n \n\n DO \u2014 Edulog DevOps\n 37 active issues\n \n \n\n KeySummaryAssignee\n CreatedLast updatedDue dateStatus\n \nATH New site request 4\n \n\n DO-2230\n Stokes, NC - Athena Conversion from Legacy\n Shontelle Talks Different\n Jun 9, '26\n Jun 19, '26\n Jun 16, '26\n Verification\n \n \n\n DO-2229\n Hillsborough, FL - Athena Conversion from Legacy\n JD Holwick\n Jun 9, '26\n Jun 17, '26\n Jun 19, '26\n IN PROGRESS\n \n \n\n DO-2197\n Newport News, VA - Athena Deployment\n JD Holwick\n Jun 4, '26\n Jun 15, '26\n \u2014\n IN PROGRESS\n \n \n\n DO-1787\n Elyria, OH - Athena Conversion from Legacy\n Cory Emlen\n Mar 17, '26\n Apr 30, '26 (36d)\n Apr 17, '26\n Blocked\n \nBug 4\n \n\n DO-1855\n There is no data available in Route assignment, Live substitution modules of Telematcis for Johnston site\n Mide Dickson\n Mar 26, '26\n Mar 26, '26 (61d)\n \u2014\n To Do\n \n \n\n DO-1854\n There is no data available in multiple pages like Students, Runs, Routes modules of Routing for Johnston site \n Mide Dickson\n Mar 26, '26\n Mar 26, '26 (61d)\n \u2014\n To Do\n \n \n\n DO-1786\n [EastAllen, IN 1.78 Smoke]CA Result CSV \u2013 Export fails for valid dates with 400 Bad Request (invalid page number)\n Dane Elwood\n Mar 17, '26\n Mar 26, '26 (61d)\n \u2014\n Blocked\n \n \n\n DO-1512\n 500 Internal Server Err on Search API [UAT01/1.78]\n Vader\n Feb 27, '26\n May 29, '26 (15d)\n \u2014\n To Do\n \nStory 5\n \n\n DO-2235\n San Bernardino, CA - SY2627 Data Area - delete stops \n Nathan Bible\n Jun 9, '26\n Jun 12, '26 (5d)\n \u2014\n Backlog\n \n \n\n DO-2025\n Birdville, TX - Please deploy Telematics\n Cory Emlen\n Apr 29, '26\n May 7, '26 (31d)\n \u2014\n Verification\n \n \n\n DO-1940\n AthenaProdMSK: Fix 47 Kafka topics with RF=1 (AWS Health: AWS_KAFKA_HIGH_RISK_CONFIG_RF_EQUALS_ONE)\n Josiah Brown\n Apr 13, '26\n Apr 13, '26 (49d)\n \u2014\n Backlog\n \n \n\n DO-1926\n Pitt, NC - Opt service looks to be off \n Josiah Brown\n Apr 9, '26\n Apr 14, '26 (48d)\n \u2014\n Verification\n \n \n\n DO-1112\n Lake Superior, MN Clone - Map Work Package\n David Goldberg\n Nov 20, '25\n Mar 9, '26 (74d)\n \u2014\n IN PROGRESS\n \nTask 24\n \n\n DO-2267\n Hernando, FL - Update to Talend Scripts for (Next) for school 351 \n Cory Emlen\n Jun 12, '26\n Jun 15, '26\n \u2014\n IN PROGRESS\n \n \n\n DO-2262\n Cobb County, GA - Set Up ASDI in fall Sandbox\n Cory Emlen\n Jun 11, '26\n Jun 16, '26\n \u2014\n IN PROGRESS\n \n \n\n DO-2261\n Cleveland, OH - Set Up ASDI for nextyear Sandbox\n JD Hawk\n Jun 11, '26\n Jun 15, '26\n \u2014\n Backlog\n \n \n\n DO-2245\n Newport News, VA - Athena SSO\n Vader\n Jun 10, '26\n Jun 10, '26 (7d)\n \u2014\n IN PROGRESS\n \n \n\n DO-2218\n Johnston, NC - Clone - Stop Checking\n Dan McGuire\n Jun 8, '26\n Jun 10, '26 (7d)\n \u2014\n Backlog\n \n \n\n DO-2165\n Wichita, KS - Update ASDI/Talend to Protect School Code only for 065\n Cory Emlen\n Jun 1, '26\n Jun 16, '26\n \u2014\n IN PROGRESS\n \n \n\n DO-2101\n Add workforce.edulog.com hosts to Keycloak `driver-portal` client Web Origins + Valid Redirect URIs (3 realms)\n Brandon Donnelson\n May 18, '26\n May 18, '26 (24d)\n \u2014\n IN PROGRESS\n \n \n\n DO-2099\n Add 6 Namecheap CNAMEs for workforce.edulog.com (DP V2 web SPA) + update 3 CloudFront distros with alias + ACM cert\n Brandon Donnelson\n May 18, '26\n May 18, '26 (24d)\n \u2014\n IN PROGRESS\n \n \n\n DO-2055\n Montour-PA - Set up additional ASDI for sandbox 2627sy\n Cory Emlen\n May 7, '26\n Jun 15, '26\n \u2014\n Verification\n \n \n\n DO-2006\n Remove non-active Tenants from Grafana Plan Ingestion Global Audit\n \u2014\n Aug 25, '25\n Jun 8, '26 (9d)\n \u2014\n To Do\n \n \n\n DO-1891\n Create AWS Prod IAM User for mmujtaba\n Josiah Brown\n Apr 2, '26\n Apr 2, '26 (56d)\n \u2014\n Verification\n \n \n\n DO-1868\n EKS Upgrade: karros-prod (1.32 \u2192 1.33)\n Josiah Brown\n Mar 30, '26\n Apr 4, '26 (55d)\n \u2014\n Backlog\n \n \n\n DO-1867\n EKS Upgrade: ath-prod-usw2 (1.32 \u2192 1.33)\n Josiah Brown\n Mar 30, '26\n Apr 4, '26 (55d)\n \u2014\n Backlog\n \n \n\n DO-1810\n Brevard-FL - Update Tenant Reports \"Bulletin Bus Run\" \n \u2014\n Mar 20, '26\n Mar 20, '26 (65d)\n \u2014\n Backlog\n \n \n\n DO-1748\n San Bernardino, CA - Scan History is showing the wrong time\n Brandon Donnelson\n Mar 11, '26\n Jun 9, '26 (8d)\n \u2014\n IN PROGRESS\n \n \n\n DO-1445\n Migrate workload to \"new\" ASG\n Josiah Brown\n Feb 11, '26\n Feb 18, '26 (87d)\n \u2014\n Backlog\n \n \n\n DO-1425\n Delete AWS Client VPN\n Josiah Brown\n Feb 4, '26\n Feb 18, '26 (87d)\n \u2014\n Backlog\n \n \n\n DO-1158\n Patch CVE-2025-14847 for Mongo Services running 8.0.4\n Vader\n Dec 24, '25\n May 6, '26 (32d)\n \u2014\n On hold\n \n \n\n DO-1125\n Update Crush SG/NACL to not allow internet traffic and restrict to the AWS VPN\n Josiah Brown\n Dec 3, '25\n Feb 18, '26 (87d)\n \u2014\n Backlog\n \n \n\n DO-1077\n Legacy AWS Client Uninstall - Full Cancelation\n Vader\n Nov 13, '25\n Feb 5, '26 (96d)\n \u2014\n On hold\n \n \n\n DO-1049\n Vulnerability - LOW: X-Content-Type-Options Header Missing\n Josiah Brown\n Oct 22, '25\n Mar 3, '26 (78d)\n \u2014\n Backlog\n \n \n\n DO-1048\n Vulnerability - MODERATE: missing anti-clickjacking header\n Josiah Brown\n Oct 22, '25\n Feb 18, '26 (87d)\n \u2014\n Backlog\n \n \n\n DO-1013\n Move all athena-legacy EC2 Instances to have Encrypted EBS Volumes\n Josiah Brown\n Oct 29, '25\n Feb 18, '26 (87d)\n \u2014\n Backlog\n \n \n\n DO-677\n need to implement a lifecycle policy for s3 buckets backups\n \u2014\n May 9, '25\n Feb 18, '26 (87d)\n \u2014\n Backlog\n \n \n\n \n\n IM \u2014 Incident Management\n 13 active issues\n \n \n\n KeySummaryAssignee\n CreatedLast updatedDue dateStatus\n \nStory 13\n \n\n IM-7646\n Summer School Trips not Available\n Brandon Donnelson\n Jun 10, '26\n Jun 12, '26 (5d)\n \u2014\n Ready for UAT\n \n \n\n IM-7635\n Katy, TX - Bell Time Tasks are taking an hour to save\n Mide Dickson\n Jun 3, '26\n Jun 4, '26 (11d)\n \u2014\n WORK IN PROGRESS\n \n \n\n IM-7634\n East Allen, IN - SY2627 data area has incorrect student information\n Mide Dickson\n Jun 3, '26\n Jun 11, '26 (6d)\n \u2014\n WORK IN PROGRESS\n \n \n\n IM-7623\n PPF - Ride Registration Address Option not working- SM \n Boluwatife Olaifa\n May 28, '26\n Jun 19, '26\n \u2014\n Open Issue\n \n \n\n IM-7605\n East Allen, IN - Getting an error when replacing plan with summer26 sandbox\n Vader\n May 20, '26\n May 27, '26 (17d)\n \u2014\n WORK IN PROGRESS\n \n \n\n IM-7595\n Framingham MA - Parent portal not working again this morning\n Brandon Donnelson\n May 15, '26\n May 22, '26 (20d)\n \u2014\n Open Issue\n \n \n\n IM-7594\n Murfreesboro TN - Parent Portal Lite buses not tracking this morning\n Brandon Donnelson\n May 15, '26\n May 15, '26 (25d)\n \u2014\n Blocker\n \n \n\n IM-7592\n Framingham MA - Parent portal not tracking, and showing in the state of Texas\n Brandon Donnelson\n May 14, '26\n May 27, '26 (17d)\n \u2014\n Open Issue\n \n \n\n IM-7588\n Framingham MA, reporting parent portal is DOWN\n Brandon Donnelson\n May 13, '26\n May 14, '26 (26d)\n \u2014\n Open Issue\n \n \n\n IM-7577\n I am unable to see any of the buses that had tablets installed yesterday in parent portal lite. Parents are receiving a message that \"no vehicle is currently assigned to this route\"\n Brandon Donnelson\n May 7, '26\n May 7, '26 (31d)\n \u2014\n Blocker\n \n \n\n IM-7571\n Cleveland, OH - Client Reported Delays in Both Telematics and with Parent Portal Messages this Morning\n \u2014\n May 5, '26\n May 5, '26 (33d)\n \u2014\n Open Issue\n \n \n\n IM-7569\n Zonar - Delay / Omission of pings to SM, PP\n Nick Sundberg\n May 5, '26\n May 8, '26 (30d)\n \u2014\n Open Issue\n \n \n\n IM-7564\n Knox, TN - Gps units not reporting in since yesterday\n Brandon Donnelson\n May 1, '26\n May 8, '26 (30d)\n \u2014\n Open Issue\n \n\nData sourced live from Jira on June 19, 2026 at 09:58 AM.\n\nfunction showTab(key,el){\n document.querySelectorAll('.tab').forEach(t=>t.classList.remove('active'));\n el.classList.add('active');\n document.querySelectorAll('.pane').forEach(p=>p.style.display='none');\n document.getElementById('pane-'+key).style.display='block';\n}\n\n\n", "creation_timestamp": "2026-06-19T15:58:33.000000Z"}