fleet/server/vulnerabilities
Michal Nicpon 9ad1721efd
fix issue with duplicate vulns detected using nvd (#8613)
The OVAL analyzer falsely assumes that any vulnerabilities detected on a
host only come from OVAL. However, it is possible that NVD detects
vulnerabilities on these hosts even though it excludes software from
deb_packages and rpm_packages. For example, a python package twisted
v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL
analyzer would delete this vulnerability, and it would be re-inserted by
the NVD scanner on the next run. This creates a loop.

The fix is to only delete vulnerabilities that are actually detected
using OVAL. We already store this in the source column in the
software_cve table.
2022-11-10 10:28:00 -07:00
..
msrc Feature 7494: Use the MSRC security bulletin artifacts for detecting Win OS vulnerabilities (#7889) 2022-10-28 11:12:21 -04:00
nvd Feature 7494: Use the MSRC security bulletin artifacts for detecting Win OS vulnerabilities (#7889) 2022-10-28 11:12:21 -04:00
oval fix issue with duplicate vulns detected using nvd (#8613) 2022-11-10 10:28:00 -07:00
testdata Feature 7077: Add MSRC feed parser (#7424) 2022-08-30 16:39:50 -04:00
utils fix issue with duplicate vulns detected using nvd (#8613) 2022-11-10 10:28:00 -07:00