Granicus Response to MS-ISAC security bulletin
Incident Report for Granicus System
This incident has been resolved.
Posted Jul 24, 2019 - 15:03 MDT
On July 23rd, MS-ISAC flagged a file sitting in a Granicus managed Amazon AWS storage service called S3 as being potentially affected by the Magecart Campaign vulnerability. In the alert, govAccess was cited as being the affected product. Alerts were sent to MS-ISAC Members via email of the following title " Message from the MS-ISAC: Supply Chain Compromise - Granicus govAccess CMS Serving MageCart Information Skimming Code - TLP: AMBER"

In regards to the greater Magecart vulnerability, Granicus identified and resolved this original vulnerability in one of its Amazon S3 assets back in April 2019. During that time it was confirmed that no production or application systems were affected. Additionally the Amazon S3 asset associated with this alert was related to Granicus Boards and Commissions, not govAccess, as reported.

After reviewing the newest alert from Monday July 21, Granicus Security and Platform Engineers determined that the MS-ISAC alert was being triggered by a Javascript file no longer associated or being utilized by any Granicus software or services. As of Tuesday, July 23rd, this file has been immediately removed from the affected S3 bucket as a result of those alerts. Additionally , Granicus will be performing maintenance during our normal product release on Friday, July 26th to ensure these alerts don’t occur in the future. In short - no Granicus infrastructure, applications, data or client data were/are affected or at risk.

A full technical description / analysis is also being drafted and will be made available upon request. If you have any questions, please contact Granicus Customer Support via our portal

Granicus Security and Support
Posted Jul 24, 2019 - 14:11 MDT
This incident affected: govAccess - Website and Content (govAccess Vision CMS) and govMeetings - Live Video, Legislative and Agenda (Boards & Commissions).