hey all I am testing the vulnerability processing functional

Question

hey all I am testing the vulnerability processing functionality Currently on FleetDM 4 5 1 not sure if much has changed with 4 6 1 related to these issues So the first screencap shows that my prod centos 7 server has 1763 vulnerabilities If we look into this further from the 2nd screencap we can see there is a finding for `authconfig 6 2 8` 3rd screencap shows that it was installed with the package `authconfig 6 2 8 30 el7 src rpm` The changelog for that package can be found here <https centos pkgs org 7 centos x86 64 authconfig 6 2 8 30 el7 x86 64 rpm html> in which we see the referenced vuln was fixed in package `6 2 8 26` which means that this finding is a false positive This is a common occurrence for those 1763 vulnerabilities

Tomas Touceda · Answer

hi the error happens because osquery reports the version as 6 2 8 and that s what fleet uses for checking CVEs

Tomas Touceda · Answer

we should improve this by parsing the source and detecting patch releases assuming that the patch release appears in the CVE database as fixed

Tomas Touceda · Answer

could you create an issue with this information so that we can investigate further and improve

Tomas Touceda · Answer

while this is annoying to find it was expected for us given what the processing pipeline looks like We really appreciate you investigating this to this level This is key information to help improve things

defensivedepth · Answer

Understood Here is the issue <https github com fleetdm fleet issues 3081>

Tomas Touceda · Answer

thank you

Ryan · Answer

nice

Ryan · Answer

we were having the same issue here so good to get that tracked and see if there s any improvements possible