Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
g
Gavin
09/09/2022, 2:48 PM👋 Random one I don’t know if it’s an open issue but Github search has failed but on the latest fleet v4.19.1 we’re seeing CVE’s being created for the same software daily and at multiple times.
s
Shawn Maddock
09/09/2022, 2:51 PMI keep getting crashes after vuln scans on 4.19.1, I wonder if that's why
k
Kathy Satterlee
09/09/2022, 3:11 PMHi, @Gavin! Wanted to double check before I start digging in to this. Is the issue that you're getting multiple triggers of your webhook/integration?
g
Gavin
09/09/2022, 3:12 PMBingo , I can stick on debug logging
For example , every day I get 30-40 of the same CVE
It seems to get stuck then makes the same one for the amount of open vulns.
Almost like it’s trying to range over the open vulns , but the index does not increment so it creates the count of vulnerabilities left to be created , as the same ticket.
k
Kathy Satterlee
09/09/2022, 3:16 PMOuch. Sorry about that, @Gavin! That's not a good look. We're digging in to it.
@Shawn Maddock Do you also have a webhook/integration set up for vulnerabilities? How much memory is allocated for Fleet?
s
Shawn Maddock
09/09/2022, 3:20 PMI don’t, so perhaps unrelated. Memory for Fleet is not limited.
k
Kathy Satterlee
09/09/2022, 3:21 PMSounds like it's likely unrelated. Would you mind starting a new thread for that for better visibility?
What's your setup, @Gavin? Looks like Jira, are you using the integration?
g
Gavin
09/09/2022, 3:27 PMJira Cloud SAAS
k
Kathy Satterlee
09/09/2022, 3:27 PMThanks! Ticket incoming.
I'm seeing the same behavior with
CVE-2022-27664I'm actually seeing it with others as well, think that just jumped out because it's a recent find.
It looks like there is an existing ticket (my search skills failed me as well):
https://github.com/fleetdm/fleet/issues/6717
On the Fleet side, are you sending this directly to Jira using the built-in integration, or are you using a webhook to send the data elsewhere and then piping it in to Jira?
g
Gavin
09/09/2022, 4:22 PMTo confirm , directly to Jira Cloud
We are yet to investigate the webhook , but long term will move to DefectDojo , Dependancy Track for this powered by the Webhook
k
Kathy Satterlee
09/09/2022, 4:24 PMThanks for the confirmation!
s
Shawn Maddock
09/12/2022, 4:50 PMk
Kathy Satterlee
09/12/2022, 5:00 PMIndeed! Thanks for pointing that one out.
m
mikermcneil
09/16/2022, 3:50 AMThanks for the heads up on this one, Gavin and Shawn.
g
Gavin
09/22/2022, 2:10 PMSmall update on this one, when we rolled out the fix we got a couple of hundred tickets created , then expected behaviour after.
So fully expected with state correction on the existing queue then only new items created.
k
Kathy Satterlee
09/22/2022, 5:49 PMThat's great news, @Gavin! Thanks (again) for bringing this to us.