mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
Fixes #28261.

~~Of note, this logic will prefer a non-primary CVSSv3.1 score over a primary CVSSv3.0 score if 3.1 doesn't have primary but 3.0 does. I haven't seen any evidence of this in our dataset (looked at 2024 output).~~

Updated with logic that will prefer a primary CVSSv3.0 score over a secondary CVSSv3.1 score for a given vulnerability. In the test dataset (2023 vuln snapshot, ~20k vulns) there were no cases where this situation presented itself, so output was identical to the prior implementation.

Validated by comparing a vulns run from GitHub Actions to a local run with the new code, and confirmed that existing v3 scores weren't replaced when they already existed (just got adds of v2 when only v3 existed, and v2/v3 adds when no scoring existed). Confirmed that all three CVEs mentioned in #28261 show up in feed data.

Added spot-checks for secondary CVSS scores to the feed validator tool.

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the product design team. -->

- [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files) for more information.
- [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [x] Manual QA for all new/changed functionality

| | ||
|---|---|---|
| .. | ||
| .keep | ||
| 21539-macos-redis-cluster | ||
| 24083-app-metadata | ||
| 25545-mac-app-sha256 | ||
| 25547-smtp-setup-test-email-warning | ||
| 26674-update-disk-info-docs | ||
| 26693-verify-linux-escrowed-userkey | ||
| 26996-and-28452-skip-webview-popup | ||
| 27085-sync-host-failing-policies-count | ||
| 27233-fix-cursor-alignment-issue | ||
| 27255-hide-script-content-for-saved-scripts | ||
| 27396-win-11-cis-4 | ||
| 27522-installer-encoding | ||
| 27609-user-menu-style | ||
| 27667-fix-TooltipTruncatedText | ||
| 27700-validate-bootstrap-is-distribution-pkg | ||
| 27701-fix-manual-label-with-duplicate-serials | ||
| 27867-fix-chrome-profiles-not-reset-after-reenroll | ||
| 27888-CIS-issue | ||
| 27979-ddm-profile-verification | ||
| 28038-uninstall | ||
| 28099-sha-hash | ||
| 28110-gitOps-mode-add-package-view-yaml | ||
| 28118-clear-gitops-settings | ||
| 28196-SCIM-for-Entra-ID | ||
| 28197-SCIM-for-authentik | ||
| 28205-skip-policies-during-setup-experience | ||
| 28259-software-auto-install-policy-activity | ||
| 28261-cvss-fallback | ||
| 28440-deleting-non-managed-gitops-labels | ||
| 28521-host-activity-read-disk-key | ||
| 28532-fix-query-edit-permissinos | ||
| 28560-add-neon-to-linux-platforms | ||
| 28652-copy-button-consistency | ||
| 28699-support-running-scripts-on-host-batches-defined-by-filter | ||
| 28700-add-bulk-execute-by-script | ||
| 28701-batch-script-cancel | ||
| 28762-batch-resend-profile-to-hosts | ||
| 28821-frequency-to-interval | ||
| 28857-vuln-checks | ||
| 28865-disk-encryption-key-font | ||
| 28884-update-manage-query-automations-modal | ||
| 28929-fleet-desktop-errors | ||
| 29042-windows-mdm-query-enhancement | ||
| 29078-update-opa-dependency | ||
| 29090-cancel-profile-delivery-on-delete | ||
| 29143-add-batch-script-summary-endpoint | ||
| 29197-fma-search | ||
| 29345-new-ubuntus | ||
| 29357-bugfix-activate-next-activity-of-hosts-on-upcoming-deletion | ||
| issue-23784-turn-off-mdm-iphone-ipad | ||
| issue-28215-allow-fleet-secrets-for-macos-setup-script | ||
| issue-28757-ui-for-profiles-status-and-batch-resend | ||
| issue-28759-ui-for-filter-hosts-by-config-profile-status | ||
| issue-28761-filter-list-hosts-by-profile | ||
| warn-on-save-script | ||