OpenSSL Vulnerability

Incident Report for Procore Technologies

Resolved

This incident has been resolved.
Posted Dec 14, 2022 - 08:40 PST

Monitoring

Procore is aware of the recently disclosed vulnerabilities affecting OpenSSL versions 3.0.0 to 3.0.6. Further details are available within OpenSSL's advisory for CVE-2022-3786 and CVE-2022-3602.

Procore has seen no indication that these vulnerabilities have impacted the Procore platform's security. Procore is monitoring this issue, and will patch any identified vulnerable instances of OpenSSL.

We'll post updates here as additional information becomes available.
Posted Nov 01, 2022 - 12:36 PDT