# fleet
d
hey all! I am testing the vulnerability processing functionality... Currently on FleetDM 4.5.1, not sure if much has changed with 4.6.1 related to these issues. So the first screencap shows that my prod centos 7 server has 1763 vulnerabilities. If we look into this further, from the 2nd screencap we can see there is a finding for authconfig 6.2.8. 3rd screencap shows that it was installed with the package authconfig-6.2.8-30.el7.src.rpm. The changelog for that package can be found here: https://centos.pkgs.org/7/centos-x86_64/authconfig-6.2.8-30.el7.x86_64.rpm.html, in which we see the referenced vuln was fixed in package 6.2.8-26, which means that this finding is a false positive. This is a common occurrence for those 1763 vulnerabilities.
t
hi! the error happens because osquery reports the version as 6.2.8, and that's what fleet uses for checking CVEs
we should improve this by parsing the source and detecting patch releases, assuming that the patch release appears in the CVE database as fixed
could you create an issue with this information so that we can investigate further and improve?
while this is annoying to find, it was expected for us, given what the processing pipeline looks like. We really appreciate you investigating this to this level! This is key information to help improve things
d
Understood! Here is the issue - https://github.com/fleetdm/fleet/issues/3081
t
thank you!
r
nice
we were having the same issue here, so good to get that tracked and see if there’s any improvements possible