Revert "Ignore Rejected CVEs" (#20183)

changes/18913-ignore-rejected-cves

@@ -1 +0,0 @@
-CVEs identified as 'Rejected' in NVD will no longer match against software

server/vulnerabilities/nvd/cve_test.go

@@ -318,9 +318,7 @@ func TestTranslateCPEToCVE(t *testing.T) {
 				{ID: "CVE-2023-42950", resolvedInVersion: "17.2"},
 				{ID: "CVE-2024-23273", resolvedInVersion: "17.4"},
 			},
-			excludedCVEs: []string{
-				"CVE-2023-28205", // This vulnerability is for Safari 16.4.0
-			},
+			excludedCVEs:      []string{"CVE-2023-28205"},
 			continuesToUpdate: true,
 		},
 		"cpe:2.3:a:apple:safari:16.4.0:*:*:*:*:macos:*:*": {

server/vulnerabilities/nvd/sync/cve_syncer.go

@@ -199,9 +199,6 @@ func (s *CVE) updateYearFile(year int, cves []nvdapi.CVEItem) error {
 	// Convert new API 2.0 format to legacy feed format and create map of new CVE information.
 	newLegacyCVEs := make(map[string]*schema.NVDCVEFeedJSON10DefCVEItem)
 	for _, cve := range cves {
-		if cve.CVE.VulnStatus != nil && *cve.CVE.VulnStatus == "Rejected" {
-			continue
-		}
 		legacyCVE := convertAPI20CVEToLegacy(cve.CVE, s.logger)
 		newLegacyCVEs[legacyCVE.CVE.CVEDataMeta.ID] = legacyCVE
 	}
@@ -252,9 +249,6 @@ func (s *CVE) updateVulnCheckYearFile(year int, cves []VulnCheckCVE, modCount, a
 	// Convert new API 2.0 format to legacy feed format and create map of new CVE information.
 	newLegacyCVEs := make(map[string]*schema.NVDCVEFeedJSON10DefCVEItem)
 	for _, cve := range cves {
-		if cve.CVE.VulnStatus != nil && *cve.CVE.VulnStatus == "Rejected" {
-			continue
-		}
 		legacyCVE := convertAPI20CVEToLegacy(cve.CVE, s.logger)
 		updateWithVulnCheckConfigurations(legacyCVE, cve.VcConfigurations)
 		newLegacyCVEs[legacyCVE.CVE.CVEDataMeta.ID] = legacyCVE