Ignoring Valve Corporation's Steam client's vulnerabilities on Windows and macOS (#18380)

#18126
Ignoring Valve Corporation's Steam client's vulnerabilities on Windows
and macOS
- On Windows and macOS, the true version of the Steam client (like
2021-04-10) cannot be retrieved by standard methods used on other
software. We would need to create custom logic to retrieve the version
of the Steam client.
- Steam client automatically updates itself, so security risk is
somewhat mitigated.

QA note: Items from software_cve table are cleared after 2 hours.

# Checklist for submitter

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [ ] Added/updated tests
- [x] Manual QA for all new/changed functionality
Victor Lyuboslavsky 2024-04-18 10:12:49 -05:00 committed by GitHub
parent de92d94dbd
commit 72cc82f60d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 22 additions and 0 deletions


@ -0,0 +1,3 @@
Ignoring Valve Corporation's Steam client's vulnerabilities on Windows and macOS
- On Windows and macOS, the true version of the Steam client (like 2021-04-10) cannot be retrieved by standard methods used on other software. We would need to create custom logic to retrieve the version of the Steam client.
- Steam client automatically updates itself, so security risk is somewhat mitigated.
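Review bot: the second bullet's mitigation claim in this changes entry is stated without its precondition; the Steam client applies updates when it is launched, so a host where Steam is installed but rarely or never started can sit on an old build indefinitely while its vulnerabilities are now hidden from the scan. Suggest qualifying it along the lines of "the risk is partly mitigated on hosts where the client is launched regularly", and naming the filter entries (the `"skip": true` entries for `Steam` and `Steam.app`) so a reader knows where to remove the exclusion once version retrieval for the client exists.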


@ -359,5 +359,23 @@
"product": ["edge_chromium"],
"vendor": ["microsoft"]
}
},
{
"software": {
"name": ["Steam"],
"source": ["programs"]
},
"filter": {
"skip": true
}
},
{
"software": {
"name": ["Steam.app"],
"source": ["apps"]
},
"filter": {
"skip": true
}
}
]
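Review bot: the two new skip entries match on the bare display name only (`"name": ["Steam"]` with `"source": ["programs"]` and `"name": ["Steam.app"]` with `"source": ["apps"]`), while the surrounding entry carries `"product"` and `"vendor"` fields. If the `software` match block accepts a vendor or publisher field, narrowing these entries to Valve would avoid excluding an unrelated program that happens to report the name Steam from vulnerability matching; if it does not, that limitation is worth stating in the changes file, since JSON offers no place for an inline comment. A test exercising both entries should also land with them, as the PR checklist leaves "Added/updated tests" unchecked.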


@ -131,6 +131,7 @@ func (d *threadSafeDSMock) InsertSoftwareVulnerability(ctx context.Context, vuln
}
func TestTranslateCPEToCVE(t *testing.T) {
t.Parallel()
ctx := context.Background()
// NVD_TEST_VULNDB_DIR can be used to speed up development (sync vulnerability data only once).
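Review bot: nothing visible in `TestTranslateCPEToCVE` exercises the new Steam skip entries; the header reports a single added line here and the shown lines are setup only. Suggest adding a case that feeds software named `Steam` (source `programs`) and `Steam.app` (source `apps`) through the translation and asserts that `InsertSoftwareVulnerability` on `threadSafeDSMock` is never invoked for them, so a later edit to the filter file cannot silently re-enable matching without a test failing.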