:wave: Random one I don’t know if it’s an open iss...
# fleetg
Gavin
09/09/2022, 2:48 PM👋 Random one I don’t know if it’s an open issue but Github search has failed but on the latest fleet v4.19.1 we’re seeing CVE’s being created for the same software daily and at multiple times.
s
Shawn Maddock
09/09/2022, 2:51 PMI keep getting crashes after vuln scans on 4.19.1, I wonder if that's why
k
Kathy Satterlee
09/09/2022, 3:11 PMHi, @Gavin! Wanted to double check before I start digging in to this. Is the issue that you're getting multiple triggers of your webhook/integration?
g
Gavin
09/09/2022, 3:12 PMBingo , I can stick on debug logging
Gavin
09/09/2022, 3:13 PMFor example , every day I get 30-40 of the same CVE
Gavin
09/09/2022, 3:13 PMIt seems to get stuck then makes the same one for the amount of open vulns.
Gavin
09/09/2022, 3:14 PMAlmost like it’s trying to range over the open vulns , but the index does not increment so it creates the count of vulnerabilities left to be created , as the same ticket.
k
Kathy Satterlee
09/09/2022, 3:16 PMOuch. Sorry about that, @Gavin! That's not a good look. We're digging in to it.
Kathy Satterlee
09/09/2022, 3:17 PM@Shawn Maddock Do you also have a webhook/integration set up for vulnerabilities? How much memory is allocated for Fleet?
s
Shawn Maddock
09/09/2022, 3:20 PMI don’t, so perhaps unrelated. Memory for Fleet is not limited.
k
Kathy Satterlee
09/09/2022, 3:21 PMSounds like it's likely unrelated. Would you mind starting a new thread for that for better visibility?
Kathy Satterlee
09/09/2022, 3:24 PMWhat's your setup, @Gavin? Looks like Jira, are you using the integration?
g
Gavin
09/09/2022, 3:27 PMJira Cloud SAAS
k
Kathy Satterlee
09/09/2022, 3:27 PMThanks! Ticket incoming.
Kathy Satterlee
09/09/2022, 3:37 PMI'm seeing the same behavior with
CVE-2022-27664Kathy Satterlee
09/09/2022, 3:38 PMI'm actually seeing it with others as well, think that just jumped out because it's a recent find.
Kathy Satterlee
09/09/2022, 3:44 PMIt looks like there is an existing ticket (my search skills failed me as well):
https://github.com/fleetdm/fleet/issues/6717
On the Fleet side, are you sending this directly to Jira using the built-in integration, or are you using a webhook to send the data elsewhere and then piping it in to Jira?
g
Gavin
09/09/2022, 4:22 PMTo confirm , directly to Jira Cloud
Gavin
09/09/2022, 4:22 PMWe are yet to investigate the webhook , but long term will move to DefectDojo , Dependancy Track for this powered by the Webhook
k
Kathy Satterlee
09/09/2022, 4:24 PMThanks for the confirmation!
s
Shawn Maddock
09/12/2022, 4:50 PMk
Kathy Satterlee
09/12/2022, 5:00 PMIndeed! Thanks for pointing that one out.
m
mikermcneil
09/16/2022, 3:50 AMThanks for the heads up on this one, Gavin and Shawn.
g
Gavin
09/22/2022, 2:10 PMSmall update on this one, when we rolled out the fix we got a couple of hundred tickets created , then expected behaviour after.
So fully expected with state correction on the existing queue then only new items created.
k
Kathy Satterlee
09/22/2022, 5:49 PMThat's great news, @Gavin! Thanks (again) for bringing this to us.
4 Views