Investigate false positive on CVE-2024-23252 #19920

Closed
dherder opened this issue Jun 20, 2024 · 5 comments
Labels
bug Something isn't working as documented #g-endpoint-ops Endpoint ops product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. :reproduce Involves documenting reproduction steps in the issue

Comments

@dherder
Contributor

dherder commented Jun 20, 2024

Fleet version: Fleet 0.0.0-SNAPSHOT-72d8879 • Go go1.22.3
Web browser and operating system: Version 126.0.6478.62 (Official Build) (arm64)


💥 Actual behavior

False positive on CVE-2024-23252

πŸ§‘β€πŸ’» Β Steps to reproduce

Reproduced on dogfood

  1. Navigate to Software > OS > macOS 14.5 > https://dogfood.fleetdm.com/software/vulnerabilities/CVE-2024-23252
  2. Note "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." Confirmed by navigating to https://nvd.nist.gov/vuln/detail/CVE-2024-23252 that this CVE was rejected, so assuming this was reported via VulnCheck data.

πŸ•―οΈ More info (optional)

I can see in the vulncheck api how to lookup a cve by cpe, but there is no cpe published in NVD, just by this fact alone, I'm guessing this is a false positive on the vulncheck side.

@dherder dherder added bug Something isn't working as documented :reproduce Involves documenting reproduction steps in the issue :incoming New issue in triage process. labels Jun 20, 2024
@lucasmrod
Member

I can see "vulnStatus": "Rejected" in https://api.vulncheck.com/v3/index/nist-nvd2?cve=CVE-2024-23252.
Fleet could leverage that VulnCheck field and ignore CVEs with that value in that field.
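
One way to apply the filter suggested in the comment above, as an added example that is not part of the original thread and is not Fleet's code. The flat JSON array layout, the `FilterRejected` name and every sample record other than the CVE-2024-23252 status are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// cveRecord holds only the fields the filter needs. "vulnStatus" is the field
// quoted in the thread; the flat-array feed layout is an assumption.
type cveRecord struct {
	ID         string `json:"id"`
	VulnStatus string `json:"vulnStatus"`
}

// sampleFeed is constructed sample data, not a real API response.
// The CVE-0000-* IDs are placeholders.
const sampleFeed = `[
  {"id": "CVE-2024-23252", "vulnStatus": "Rejected"},
  {"id": "CVE-0000-0001", "vulnStatus": "Analyzed"},
  {"id": "CVE-0000-0002", "vulnStatus": " rejected "},
  {"id": "CVE-0000-0003"}
]`

// FilterRejected splits a feed into CVE IDs to keep and CVE IDs to drop.
// The status match ignores case and surrounding whitespace. A record with no
// vulnStatus is kept: a missing status is not evidence of rejection.
func FilterRejected(raw []byte) (kept, dropped []string, err error) {
	var recs []cveRecord
	if err = json.Unmarshal(raw, &recs); err != nil {
		return nil, nil, fmt.Errorf("decode feed: %w", err)
	}
	for _, r := range recs {
		if strings.EqualFold(strings.TrimSpace(r.VulnStatus), "Rejected") {
			dropped = append(dropped, r.ID)
			continue
		}
		kept = append(kept, r.ID)
	}
	return kept, dropped, nil
}

func main() {
	kept, dropped, err := FilterRejected([]byte(sampleFeed))
	if err != nil {
		panic(err)
	}
	fmt.Println("kept:", kept)
	fmt.Println("dropped:", dropped)
}
```

Returning the dropped IDs alongside the kept ones lets the caller log what was suppressed, so a rejected CVE disappearing from results stays auditable.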

@lucasmrod
Member

@mostlikelee ⬆️

@sharon-fdm sharon-fdm added #g-endpoint-ops Endpoint ops product group :release Ready to write code. Scheduled in a release. See "Making changes" in handbook. labels Jun 21, 2024
@noahtalerman
Member

Hey @mostlikelee maybe this is a duplicate of the following bug?

cc @dherder @lucasmrod

@sharon-fdm
Collaborator

Duplicating 18913 which is WIP

@fleet-release
Contributor

False alert subsides,
True security now resides,
Fleet's truth, it provides.

@sharon-fdm sharon-fdm removed the :incoming New issue in triage process. label Jun 28, 2024