Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-10 10:40:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 53
fleet/server/datastore
History
Michal Nicpon 9ad1721efd
fix issue with duplicate vulns detected using nvd (#8613) 
The OVAL analyzer falsely assumes that any vulnerabilities detected on a
host only come from OVAL. However, it is possible that NVD detects
vulnerabilities on these hosts even though it excludes software from
deb_packages and rpm_packages. For example, a python package twisted
v22.20 has a vulnerability CVE-2022-39348 detected by NVD. The OVAL
analyzer would delete this vulnerability, and it would be re-inserted by
the NVD scanner on the next run. This creates a loop.

The fix is to only delete vulnerabilities that are actually detected
using OVAL. We already store this in the source column in the
software_cve table.
2022-11-10 10:28:00 -07:00
..
cached_mysql Deep-clone the appconfig when getting from cache (#8194) 2022-10-17 15:03:49 -04:00
mysql fix issue with duplicate vulns detected using nvd (#8613) 2022-11-10 10:28:00 -07:00
mysqlredis Track active hosts count and enforce limit (#6099) 2022-06-13 16:29:32 -04:00
redis Detect the NOPERM error to mean redis cluster is disabled (#5058) 2022-04-11 16:17:30 -04:00
s3 adjust installers endpoint to avoid AJAX downloads (#7226) 2022-08-16 12:54:41 -03:00