This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

CVE rejected/removed but still shows up in Anchore scan #1378

Open
verma-preet opened this issue May 5, 2022 · 0 comments

Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT

Version of Anchore Engine and Anchore CLI if applicable:

Engine DB Version: 0.0.16
Engine Code Version: 1.1.0

What happened:
CVE-2022-0886 has been rejected and is now a duplicate of CVE-2022-27666. Anchore still flagged CVE-2022-0886 in the scans.

What did you expect to happen:
CVE-2022-0886 should NOT have been flagged by Anchore.

What docker images are you using:
This is a sample vuln report after scanning the image:

        {
            "feed": "vulnerabilities",
            "feed_group": "rhel:8",
            "fix": "None",
            "nvd_data": [
                {
                    "cvss_v2": {
                        "base_score": -1.0,
                        "exploitability_score": -1.0,
                        "impact_score": -1.0
                    },
                    "cvss_v3": {
                        "base_score": -1.0,
                        "exploitability_score": -1.0,
                        "impact_score": -1.0
                    },
                    "id": "CVE-2022-0886"
                }
            ],
            "package": "kernel-headers-4.18.0-348.23.1.el8_5",
            "package_cpe": "None",
            "package_cpe23": "None",
            "package_name": "kernel-headers",
            "package_path": "pkgdb",
            "package_type": "rpm",
            "package_version": "4.18.0-348.23.1.el8_5",
            "severity": "High",
            "url": "https://access.redhat.com/security/cve/CVE-2022-0886",       <--- This CVE page does not exist.
            "vendor_data": [
                {
                    "cvss_v2": {
                        "base_score": -1.0,
                        "exploitability_score": -1.0,
                        "impact_score": -1.0
                    },
                    "cvss_v3": {
                        "base_score": 7.8,
                        "exploitability_score": 1.8,
                        "impact_score": 5.9
                    },
                    "id": "CVE-2022-0886"
                }
            ],
            "vuln": "CVE-2022-0886",
            "will_not_fix": false
        },
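
A post-scan triage step for the situation reported above, as an added example (not part of the original issue and not Anchore code). It assumes the JSON report keeps its findings under a top-level `vulnerabilities` key, that `-1.0` is the placeholder for a missing NVD score, and that the `REJECTED` map is maintained by hand; the function names are hypothetical.

```python
import json

# Rejected CVE -> the CVE it duplicates, per the issue. Hand-maintained (assumption).
REJECTED = {"CVE-2022-0886": "CVE-2022-27666"}

# Constructed sample, trimmed to the fields used; scores for the second entry are made up.
SAMPLE = json.loads("""
{"vulnerabilities": [
 {"vuln": "CVE-2022-0886", "package": "kernel-headers-4.18.0-348.23.1.el8_5",
  "nvd_data": [{"id": "CVE-2022-0886",
    "cvss_v2": {"base_score": -1.0}, "cvss_v3": {"base_score": -1.0}}]},
 {"vuln": "CVE-2022-27666", "package": "kernel-headers-4.18.0-348.23.1.el8_5",
  "nvd_data": [{"id": "CVE-2022-27666",
    "cvss_v2": {"base_score": 4.6}, "cvss_v3": {"base_score": 7.8}}]}
]}
""")


def nvd_unscored(finding):
    """True when every NVD record holds only the -1.0 placeholder score."""
    records = finding.get("nvd_data") or []
    return bool(records) and all(
        rec.get(ver, {}).get("base_score", -1.0) < 0
        for rec in records for ver in ("cvss_v2", "cvss_v3"))


def triage(report, rejected=REJECTED):
    """Return (keep, suppressed, review) for one vulnerability report."""
    findings = report["vulnerabilities"]
    seen = {(f["vuln"], f["package"]) for f in findings}
    keep, suppressed, review = [], [], []
    for f in findings:
        successor = rejected.get(f["vuln"])
        if successor is None:
            keep.append(f)
            if nvd_unscored(f):
                review.append(f["vuln"])  # possible stale or rejected ID
        elif (successor, f["package"]) in seen:
            suppressed.append(f["vuln"])  # duplicate of a finding already kept
        else:
            # Successor not reported: keep the finding under the live ID.
            keep.append({**f, "vuln": successor, "rejected_alias": f["vuln"]})
    return keep, suppressed, review


if __name__ == "__main__":
    keep, suppressed, review = triage(SAMPLE)
    print([f["vuln"] for f in keep], suppressed, review)
```

A rejected ID is suppressed only when the CVE it duplicates is reported for the same package; otherwise the finding is kept under the live ID so the kernel issue is not lost from the report.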