hey all! I am testing the vulnerability processing...
# fleet
hey all! I am testing the vulnerability processing functionality... Currently on FleetDM 4.5.1, not sure if much has changed with 4.6.1 related to these issues. So the first screencap shows that my prod centos 7 server has 1763 vulnerabilities. If we look into this further, from the 2nd screencap we can see there is a finding for
authconfig 6.2.8
. 3rd screencap shows that it was installed with the package
The changelog for that package can be found here: https://centos.pkgs.org/7/centos-x86_64/authconfig-6.2.8-30.el7.x86_64.rpm.html, in which we see the referenced vuln was fixed in package
which means that this finding is a false positive. This is a common occurrence for those 1763 vulnerabilities.
hi! the error happens because osquery reports the version as 6.2.8, and that's what fleet uses for checking CVEs
we should improve this by parsing the source and detecting patch releases, assuming that the patch release appears in the CVE database as fixed
could you create an issue with this information so that we can investigate further and improve?
while this is annoying to find, it was expected for us, given what the processing pipeline looks like. We really appreciate you investigating this to this level! This is key information to help improve things
Understood! Here is the issue - https://github.com/fleetdm/fleet/issues/3081
thank you!
we were having the same issue here, so good to get that tracked and see if there’s any improvements possible