mirror of
https://github.com/fleetdm/fleet
synced 2026-05-23 17:08:53 +00:00
28704fe447
**Related issue:** Resolves #35194 The NVD database for CVE-2023-28205 contains two broad CPE match rules: Safari: Any version < 16.4.1 is vulnerable macOS: Any version < 13.3.1 is vulnerable The problem is Safari versions 13.x, 14.x, and 15.x were never actually vulnerable to this CVE and macOS versions 10.x, 11.x, and 12.x never received a system-level fix for this CVE. Apple fixed the cve in two ways 1. Safari 16.4.1 standalone update 2. macOS Ventura 13.3.1 system update fix at the OS level This is why there is such a complicated `IgnoreIf` for the `CPEMatchingRule`. If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. ## Testing - [x] Added/updated automated tests - [ ] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes * **Bug Fixes** * Improved accuracy of Safari CVE-2023-28205 vulnerability detection with version-specific filtering for Safari 16.0-16.4.0 and macOS Ventura. * **Tests** * Added comprehensive test coverage for CVE-2023-28205 across multiple Safari versions and macOS releases. <sub>✏️ Tip: You can customize this high-level summary in your review settings.</sub> <!-- end of auto-generated comment: release notes by coderabbit.ai -->
1 line
No EOL
49 B
Text
1 line
No EOL
49 B
Text
* Fixed false positives for Safari CVE-2023-28205 |