CVE-2024-52308 - Fleet not detecting GitHub / gh CLI CVE #24009

@nonpunctual

Fleet version:
Fleet 4.58.0 • Go go1.23.1

Web browser and operating system:
N/A

💥  Actual behavior

CVE-2024-52308 - GHSA-p2h2-3vg9-4p87

This CVE affects the GitHub CLI - the binary name is gh

FleetDM seems unable to detect it, probably because the CPE cpe:2.3:a:github:cli:*:*:*:*:*:*:*:* calls the app cli and not gh?

GitHub calls it gh in their documentation.

🧑‍💻  Steps to reproduce

Look for CVE-2024-52308 in Fleet vulnerability data.

N/A
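
The naming mismatch this issue describes, as an added Go example (not Fleet's code and not part of the original report): it parses the CPE quoted above and shows that a name-only comparison against the binary name gh fails, while an explicit override matches. The `aliases` table and all function names are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
)

// splitCPE splits a CPE 2.3 formatted string on unescaped colons.
func splitCPE(s string) []string {
	var parts []string
	var cur strings.Builder
	for i := 0; i < len(s); i++ {
		if s[i] == '\\' && i+1 < len(s) { // keep escaped pairs such as "\:"
			cur.WriteString(s[i : i+2])
			i++
		} else if s[i] == ':' {
			parts = append(parts, cur.String())
			cur.Reset()
		} else {
			cur.WriteByte(s[i])
		}
	}
	return append(parts, cur.String())
}

// Product returns the product field (5th component) of a CPE 2.3 string.
func Product(cpe string) (string, error) {
	p := splitCPE(cpe)
	if len(p) != 13 || p[0] != "cpe" || p[1] != "2.3" {
		return "", fmt.Errorf("not a CPE 2.3 formatted string: %q", cpe)
	}
	return p[4], nil
}

// aliases is a hypothetical override table: inventory name -> CPE product.
var aliases = map[string]string{"gh": "cli"}
// Matches compares an inventoried name with the CPE product, optionally via aliases.
func Matches(name, cpe string, useAliases bool) (bool, error) {
	product, err := Product(cpe)
	alias, ok := aliases[name]
	return err == nil && (name == product || (useAliases && ok && alias == product)), err
}

func main() {
	const cpe = "cpe:2.3:a:github:cli:*:*:*:*:*:*:*:*" // CPE quoted in the issue
	naive, _ := Matches("gh", cpe, false)
	mapped, _ := Matches("gh", cpe, true)
	fmt.Println("name-only:", naive, "with alias table:", mapped)
}
```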

Labels: #g-endpoint-ops (Endpoint ops product group), :release (Ready to write code. Scheduled in a release. See "Making changes" in handbook.), bug (Something isn't working as documented), customer-stazzema, ~released bug (This bug was found in a stable release.)
