#fleet

Ryan

03/10/2022, 3:37 PM
Hi, I wonder if anyone can help shed some light on what is going on here in the vulnerable software detection, for example the top one that affects cryptography, which is showing this CVE: https://nvd.nist.gov/vuln/detail/CVE-2020-36242
3:37 PM
All 746 hosts listed here are running Ubuntu 18.04, which according to the vendor are not vulnerable to this: https://ubuntu.com/security/CVE-2020-36242
3:37 PM
Is there any way for us to mark them as “not actually vulnerable” as I think this is a false positive?
3:38 PM
Thanks 🙂

Gavin

03/10/2022, 3:46 PM
Just so you’re aware this exists https://github.com/fleetdm/fleet/issues/4218

Tomas Touceda

03/10/2022, 4:18 PM
We are in the process of improving how we detect Ubuntu vulnerabilities; this work will reduce false positives such as the one you saw. cc @Michal Nicpon

Ryan

03/10/2022, 4:39 PM
Ah brilliant, thanks for that 🙂
4:40 PM
Nice catch indeed.
4:40 PM
I’ve subscribed to the thread 🙂