18913 ignore rejected NVD vulnerabilities (#20193)

#18913 Recreating PR (ref: https://github.com/fleetdm/fleet/pull/19972)

changes/18913-ignore-rejected-cves

@@ -0,0 +1 @@
+CVEs identified as 'Rejected' in NVD will no longer match against software

server/vulnerabilities/nvd/cve_test.go

@@ -318,7 +318,9 @@ func TestTranslateCPEToCVE(t *testing.T) {
 				{ID: "CVE-2023-42950", resolvedInVersion: "17.2"},
 				{ID: "CVE-2024-23273", resolvedInVersion: "17.4"},
 			},
-			excludedCVEs:      []string{"CVE-2023-28205"},
+			excludedCVEs: []string{
+				"CVE-2023-28205", // This vulnerability is for Safari 16.4.0
+			},
 			continuesToUpdate: true,
 		},
 		"cpe:2.3:a:apple:safari:16.4.0:*:*:*:*:macos:*:*": {

server/vulnerabilities/nvd/sync/cve_syncer.go

@@ -199,6 +199,9 @@ func (s *CVE) updateYearFile(year int, cves []nvdapi.CVEItem) error {
 	// Convert new API 2.0 format to legacy feed format and create map of new CVE information.
 	newLegacyCVEs := make(map[string]*schema.NVDCVEFeedJSON10DefCVEItem)
 	for _, cve := range cves {
+		if cve.CVE.VulnStatus != nil && *cve.CVE.VulnStatus == "Rejected" {
+			continue
+		}
 		legacyCVE := convertAPI20CVEToLegacy(cve.CVE, s.logger)
 		newLegacyCVEs[legacyCVE.CVE.CVEDataMeta.ID] = legacyCVE
 	}
@@ -249,6 +252,9 @@ func (s *CVE) updateVulnCheckYearFile(year int, cves []VulnCheckCVE, modCount, a
 	// Convert new API 2.0 format to legacy feed format and create map of new CVE information.
 	newLegacyCVEs := make(map[string]*schema.NVDCVEFeedJSON10DefCVEItem)
 	for _, cve := range cves {
+		if cve.CVE.VulnStatus != nil && *cve.CVE.VulnStatus == "Rejected" {
+			continue
+		}
 		legacyCVE := convertAPI20CVEToLegacy(cve.CVE, s.logger)
 		updateWithVulnCheckConfigurations(legacyCVE, cve.VcConfigurations)
 		newLegacyCVEs[legacyCVE.CVE.CVEDataMeta.ID] = legacyCVE