An Important Database Left Open is Discovered:

Several months ago I discovered a database left open online, labeled US-Elasticsearch-Production-1. By November I discovered a curious company called Granicus. They are one of the larger vendors of government SaaS software and services. I reached out to Granicus on November 27th, 2019, January 11th, 2020, and February 6th, 2020, but unfortunately heard nothing back.


A Strange Company is Found:

I have no idea what to make of this organization. They are responsible for a lot of things of good importance, such as the national 911 system and the website for the US Senate. Below is a screenshot from one of their open Jenkins servers. I actually found a couple of these.

An open Jenkins server that belonged to Granicus.


Some Bad Things Could Have Resulted:

I will show later how you could have changed content or swapped out links on pages such as https://floor.senate.gov. Here is a screenshot of what is on that page:

This is a screenshot of senate.gov/floor. This page is generated at runtime by content in the database, so if you change the database...you change this page.