
Ignore NVD Rejected CVEs #18913

Closed
pacamaster opened this issue May 10, 2024 · 11 comments
Labels
bug Something isn't working as documented customer-stazzema customer-ufa #g-endpoint-ops Endpoint ops product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. ~released bug This bug was found in a stable release. ~vulnerability-management

Comments

@pacamaster (Contributor)

pacamaster commented May 10, 2024

Fleet version:
Fleet 4.49.1
Web browser and operating system:
Current browser and OS


💥  Actual behavior

CVE-2024-23252
This is detected on macOS 14.4.1 but this CVE doesn't affect 14.4
cpe:2.3:o:apple:macos:14.3:*:*:*:*:*:*:* (Official)
https://nvd.nist.gov/vuln/detail/CVE-2024-23252

It looks like the Safari version is being mixed with the OS version.


CVE-2024-23252-
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

🧑‍💻  Steps to reproduce

  1. TODO
  2. TODO

Testing

@pacamaster pacamaster added bug Something isn't working as documented :reproduce Involves documenting reproduction steps in the issue customer-stazzema :incoming New issue in triage process. labels May 10, 2024

@sharon-fdm sharon-fdm added #g-endpoint-ops Endpoint ops product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. labels May 10, 2024
@lukeheath lukeheath added the ~released bug This bug was found in a stable release. label May 10, 2024
@lukeheath (Member)

@pacamaster Reminder that you can use the fast-track for Fleeties and immediately put the bug into the reproduced state.

@lukeheath lukeheath removed the :reproduce Involves documenting reproduction steps in the issue label May 10, 2024
@lukeheath (Member)

@pacamaster Looks like you got everything except removing the :reproduce label.

@mostlikelee (Contributor)

@xpkoala this affects the vuln repo, so it needs to be tested on the 18913-ignore-rejected branch before merging. I added a test plan above.

@sharon-fdm sharon-fdm removed this from the 4.54.0-tentative milestone Jun 27, 2024

@fleet-release (Contributor)

No false alarms sound,
CVEs rightly bound.
Fleet's shield, more profound.

@sharon-fdm sharon-fdm reopened this Jul 22, 2024
@sharon-fdm (Collaborator)

@mostlikelee please merge then close.

@sharon-fdm sharon-fdm removed this from the 4.54.0 milestone Jul 23, 2024
@xpkoala (Contributor)

xpkoala commented Jul 23, 2024

This was tested against @mostlikelee's vuln repo and confirmed working.

@lukeheath lukeheath added this to the 4.54.1 milestone Jul 23, 2024
@sharon-fdm (Collaborator)

@mostlikelee, just making sure there is no need for this milestone (5.54.1) which will cherry-pick these PRs into the release branch.
If so, please remove it.

@sharon-fdm sharon-fdm removed this from the 4.54.1 milestone Jul 24, 2024
mostlikelee added a commit that referenced this issue Jul 24, 2024
@lukeheath lukeheath added this to the 4.55.0 milestone Jul 31, 2024
@mostlikelee mostlikelee removed this from the 4.55.0 milestone Aug 2, 2024
@mostlikelee (Contributor)

removing milestone, not related to fleet release (vuln repo only)

lucasmrod pushed a commit that referenced this issue Aug 2, 2024
#18913

This is a test to ensure Rejected CVEs do not match against software.
The related PR needs to be merged first, otherwise this test will fail:

#19972

- [X] Added/updated tests
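The fix this issue tracks lives in Fleet's separate vuln repository, and the thread only shows the commit message, not the code. As an added example that is not the project's own code, the block below shows the shape of the check in Go: parse an NVD API 2.0 style feed, treat a record as rejected if its `vulnStatus` is `Rejected` or if its description carries the legacy `** REJECT **` prefix used by the older NVD JSON feeds, and drop those IDs before any CPE matching runs. The feed is constructed for the demo: CVE-2024-23252 is the rejected ID from this issue, and the `CVE-0000-*` IDs are placeholders, not real CVEs. Function names, the `nvdItem`/`nvdFeed` types and the `ActiveCVEIDs` helper are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// nvdItem mirrors the subset of an NVD API 2.0 "cve" object this check needs.
// Field names follow the NVD 2.0 JSON; everything else in a record is ignored.
type nvdItem struct {
	ID           string `json:"id"`
	VulnStatus   string `json:"vulnStatus"`
	Descriptions []struct {
		Lang  string `json:"lang"`
		Value string `json:"value"`
	} `json:"descriptions"`
}

// nvdFeed is the top-level shape of an NVD 2.0 response/feed file.
type nvdFeed struct {
	Vulnerabilities []struct {
		CVE nvdItem `json:"cve"`
	} `json:"vulnerabilities"`
}

// IsRejected reports whether an NVD record has been rejected or withdrawn.
// NVD 2.0 marks these with vulnStatus "Rejected"; the legacy feeds signalled
// it only through a "** REJECT **" prefix on the description, so both are
// checked. Note that a rejected record can still carry CPE configurations
// (the 14.3 macOS CPE in the report above), which is why status has to be
// tested before matching rather than after.
func IsRejected(item nvdItem) bool {
	if strings.EqualFold(strings.TrimSpace(item.VulnStatus), "Rejected") {
		return true
	}
	for _, d := range item.Descriptions {
		if strings.HasPrefix(strings.TrimSpace(d.Value), "** REJECT **") {
			return true
		}
	}
	return false
}

// ActiveCVEIDs parses a feed and splits its IDs into those that may be fed
// into software/CPE matching and those dropped because they are rejected.
func ActiveCVEIDs(feedJSON []byte) (keep []string, dropped []string, err error) {
	var feed nvdFeed
	if err := json.Unmarshal(feedJSON, &feed); err != nil {
		return nil, nil, err
	}
	for _, v := range feed.Vulnerabilities {
		if IsRejected(v.CVE) {
			dropped = append(dropped, v.CVE.ID)
			continue
		}
		keep = append(keep, v.CVE.ID)
	}
	return keep, dropped, nil
}

// sampleFeed is a constructed, NVD-2.0-shaped feed used only for this demo.
// CVE-2024-23252 is the rejected ID from the issue; the CVE-0000-* IDs are
// placeholders. The third record omits vulnStatus to exercise the legacy
// "** REJECT **" description marker path.
const sampleFeed = `{
  "vulnerabilities": [
    {"cve": {
      "id": "CVE-2024-23252",
      "vulnStatus": "Rejected",
      "descriptions": [{"lang": "en", "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."}]
    }},
    {"cve": {
      "id": "CVE-0000-00001",
      "vulnStatus": "Analyzed",
      "descriptions": [{"lang": "en", "value": "Placeholder description for a live (non-rejected) record."}]
    }},
    {"cve": {
      "id": "CVE-0000-00002",
      "descriptions": [{"lang": "en", "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER."}]
    }}
  ]
}`

func main() {
	keep, dropped, err := ActiveCVEIDs([]byte(sampleFeed))
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Println("matchable:", keep)
	fmt.Println("dropped as rejected:", dropped)
}
```

Running it prints one matchable ID (the placeholder live record) and two dropped IDs. The important design point is ordering: filter on rejection status at ingest time, before the CPE configurations are ever compared against host software, so a withdrawn record that still lists a real product version cannot produce a finding like the one reported here.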
@fleet-release (Contributor)

Fleet filters false threats,
Peace like a cloud city's dawn,
Users safe and sound.


7 participants