Better handle the CVE score display while it doesn't have scores but has severity value #467
-
This data is coming from the vulnerability scanner. It might happen that a vulnerability is disclosed but for some days it's lacking a score. I've seen that happen in some cases. Unfortunately there's nothing we can do in these cases, other than using @xingzhang-suse Can you give me the name of the image and the vulnerability that is lacking this information? Just to double check everything is working as expected.
-
We found some in this image - index.docker.io/library/nats:2.12.4-alpine
-
The digest is sha256:10c612f3f448b9493f04f2b4053f5476180c45f8fb28e83f46826cc7e8190674
-
I'm sorry, it looks like the image has been removed: The same happens when running trivy against it. I would suggest, next time you run into a similar issue please run a Personal anecdote, some weeks ago, on a Thursday, trivy found an issue inside of the KW admission controller image. The severity was "n/a" and it stayed like that for a couple of days. On Mon the severity was properly set.
-
While running tests, we found a bunch of CVEs which do not have a cvss array containing the scores, so the UI can only show `n/a` in the score badge. However, the severity value is in every CVE, so the badge color will correspond to the severity level.
We need to work with the backend team to confirm whether this kind of value is set properly. If so, we need to work with the UX designer to find a better display solution for this kind of CVE.
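One way to handle the case described in the original post, where a CVE carries a severity but no CVSS scores (added example, not the project's code): the badge keeps its severity colour, and unscored entries are listed so they can be checked against the scanner. The field names (`id`, `severity`, `cvss[].score`), the colour palette and the sample records are assumptions.

```javascript
// Added example. Field names, palette and sample records are assumptions,
// not the project's real schema; the CVE ids are constructed placeholders.
const COLORS = new Map([
  ["critical", "darkred"], ["high", "red"], ["medium", "orange"], ["low", "yellow"],
]);

// Highest usable CVSS base score (0.0-10.0), or null when none is present.
function bestScore(vuln) {
  const entries = Array.isArray(vuln.cvss) ? vuln.cvss : [];
  const scores = entries
    .map((e) => (typeof e?.score === "number" ? e.score : parseFloat(e?.score)))
    .filter((s) => Number.isFinite(s) && s >= 0 && s <= 10);
  return scores.length ? Math.max(...scores) : null;
}

// Badge model: colour always follows severity; the label is the score if any.
function scoreBadge(vuln) {
  const raw = String(vuln.severity ?? "").toLowerCase();
  const severity = COLORS.has(raw) ? raw : "unknown"; // e.g. "n/a" or missing
  const score = bestScore(vuln);
  return {
    label: score === null ? "n/a" : score.toFixed(1),
    color: COLORS.get(severity) ?? "grey",
    severity,
    // Severity is set but no score arrived: worth checking with the scanner.
    scorePending: score === null && severity !== "unknown",
  };
}

// Ids of findings that have a severity but no usable score.
function findUnscored(vulns) {
  return vulns.filter((v) => scoreBadge(v).scorePending).map((v) => v.id);
}

const sample = [ // constructed records
  { id: "CVE-0000-0001", severity: "HIGH", cvss: [{ source: "nvd", score: 7.5 }, { source: "vendor", score: "8.1" }] },
  { id: "CVE-0000-0002", severity: "CRITICAL" },            // no cvss array
  { id: "CVE-0000-0003", severity: "medium", cvss: [] },    // empty array
  { id: "CVE-0000-0004", severity: "low", cvss: [{ source: "nvd", score: null }] },
  { id: "CVE-0000-0005", severity: "n/a", cvss: null },     // nothing known yet
];

for (const v of sample) console.log(v.id, scoreBadge(v));
console.log("unscored:", findUnscored(sample));
```

The `scorePending` flag lets the UI distinguish "severity known, score not yet published" from a finding with no rating at all, instead of showing a bare `n/a` for both.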