What did you do? (required. The issue will be closed when not provided.)
I ran vuls scan against CentOS 8.2 and ran vuls report.
What did you expect to happen?
For redhat.cvss3Score, I expected to have a value of redhat.cvss3Severity.
For example, "cvss3Score": 9.8, so I expected "cvss3Severity": "Important".
```json
"CVE-2020-6825": {
  "cveID": "CVE-2020-6825",
  "confidences": [
    {
      "score": 100,
      "detectionMethod": "OvalMatch"
    }
  ],
  "affectedPackages": [
    {
      "name": "firefox",
      "fixedIn": "0:68.7.0-2.el8_1"
    }
  ],
  "distroAdvisories": [
    {
      "advisoryID": "RHSA-2020:1406",
      "severity": "Important",
      "issued": "2020-04-08T00:00:00Z",
      "updated": "2020-04-08T00:00:00Z",
      "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."
    }
  ],
  "cveContents": {
    "redhat": {
      "type": "redhat",
      "cveID": "CVE-2020-6825",
      "title": "RHSA-2020:1406: firefox security update (Important)",
      "summary": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
      "cvss2Score": 0,
      "cvss2Vector": "",
      "cvss2Severity": "",
      "cvss3Score": 9.8,
      "cvss3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "cvss3Severity": "Important",
```
What happened instead?
The value of redhat.cvss3Severity is output to redhat.cvss2Severity, and the value of redhat.cvss2Severity is output to redhat.cvss3Severity.
For example, "cvss3Score": 9.8, but "cvss3Severity": "", "cvss2Severity": "Important".
```json
"CVE-2020-6825": {
  "cveID": "CVE-2020-6825",
  "confidences": [
    {
      "score": 100,
      "detectionMethod": "OvalMatch"
    }
  ],
  "affectedPackages": [
    {
      "name": "firefox",
      "fixedIn": "0:68.7.0-2.el8_1"
    }
  ],
  "distroAdvisories": [
    {
      "advisoryID": "RHSA-2020:1406",
      "severity": "Important",
      "issued": "2020-04-08T00:00:00Z",
      "updated": "2020-04-08T00:00:00Z",
      "description": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."
    }
  ],
  "cveContents": {
    "redhat": {
      "type": "redhat",
      "cveID": "CVE-2020-6825",
      "title": "RHSA-2020:1406: firefox security update (Important)",
      "summary": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 68.7.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)\n\n* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)\n\n* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
      "cvss2Score": 0,
      "cvss2Vector": "",
      "cvss2Severity": "Important",
      "cvss3Score": 9.8,
      "cvss3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "cvss3Severity": "",
```
Steps to reproduce the behaviour
Please run vuls scan against CentOS 8.2 and run vuls report.
Configuration (MUST fill this out):
Go version (go version): n/a
Go environment (go env): n/a
I use docker image.
docker pull vuls/vuls
Docker version 20.10.2, build 22
Host OS is Ubuntu 18.04
Vuls target server is CentOS 8.2.2004
Hash : e4f1e03
vuls v0.15.3 build-20210124_001830_e4f1e03
Run report.sh, which is included in vulsctl.
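Added example (not part of the issue or of the vuls code base): a Go check that flags report entries where the severity label sits on the CVSS version that has no score, the pattern shown under "What happened instead?". It generalizes to the mirrored case as well. It assumes the input is a JSON object mapping CVE IDs to entries shaped like the excerpt above; `SwappedSeverities`, the type names, and the second sample entry (`CVE-0000-0000`) are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// cveContent mirrors only the score/severity fields shown in the issue's excerpt.
type cveContent struct {
	Cvss2Score    float64 `json:"cvss2Score"`
	Cvss2Severity string  `json:"cvss2Severity"`
	Cvss3Score    float64 `json:"cvss3Score"`
	Cvss3Severity string  `json:"cvss3Severity"`
}

type cveEntry struct {
	CveContents map[string]cveContent `json:"cveContents"`
}

// Constructed sample: first entry has the reported (swapped) shape, second the expected shape.
const sampleReport = `{
 "CVE-2020-6825": {"cveContents": {"redhat": {"cvss2Score": 0, "cvss2Severity": "Important", "cvss3Score": 9.8, "cvss3Severity": ""}}},
 "CVE-0000-0000": {"cveContents": {"redhat": {"cvss2Score": 0, "cvss2Severity": "", "cvss3Score": 9.8, "cvss3Severity": "Important"}}}
}`

// SwappedSeverities returns sorted "CVE/source" keys where one CVSS version has a
// score but no severity label while the other has a label but no score.
func SwappedSeverities(report []byte) ([]string, error) {
	var cves map[string]cveEntry
	if err := json.Unmarshal(report, &cves); err != nil {
		return nil, err
	}
	var hits []string
	for id, e := range cves {
		for src, c := range e.CveContents {
			v3in2 := c.Cvss3Score > 0 && c.Cvss3Severity == "" && c.Cvss2Score == 0 && c.Cvss2Severity != ""
			v2in3 := c.Cvss2Score > 0 && c.Cvss2Severity == "" && c.Cvss3Score == 0 && c.Cvss3Severity != ""
			if v3in2 || v2in3 {
				hits = append(hits, id+"/"+src)
			}
		}
	}
	sort.Strings(hits)
	return hits, nil
}

func main() { fmt.Println(SwappedSeverities([]byte(sampleReport))) }
```

Any downstream filter that keys on `cvss3Severity` sees an empty string for the flagged entries, so a check like this belongs ahead of severity-based triage.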