Packages vulnerability remediations do not work #23066
Use case: Reactive scanning of packages.

```mermaid
sequenceDiagram
    packageScanner->>packageScanner: Regular and known scan.
    alt If the platform is Windows and the candidate is affected
        packageScanner->>databaseFeedManager: Get hotfixes for the current CVE.
        databaseFeedManager->>packageScanner: Return flatbuffer with the list of remediations/hotfixes for the current CVE
        alt If the remediation list (on the CVE entry) is not empty
            packageScanner->>hotfixLRUCache: Get hotfix list for the current scanner.
            alt Agent information does not exist in the LRU cache
                hotfixLRUCache->>WDB: Get hotfix list for the requested agent
            end
            hotfixLRUCache-->>packageScanner: Return hotfix list
        end
        packageScanner->>packageScanner: Check whether any entry matches between both lists (CVE remediations / agent hotfixes).
        Note right of packageScanner: If there is a match, mark the scan result as not affected
    end
```
Use case: Reactive hotfix insert.

Database model change

For this change, it's necessary to have another column family in the model. In this case, the expected key/value is:

Column family name: hotfixes_applications

Hotfixes orchestration

```mermaid
sequenceDiagram
    remoted->>vdScanner: Hotfix event arrives
    vdScanner->>hotFixOrchestration: Parse and execute orchestration
    hotFixOrchestration->>hotfixInventoryLRUCache: Insert element.
    alt Agent information does not exist in the LRU cache
        hotfixInventoryLRUCache->>WDB: Get hotfix list for the requested agent
    end
    hotfixInventoryLRUCache-->>hotFixOrchestration: ack
    hotFixOrchestration->>databaseFeedManager: Get vulnerabilities remediated by the received hotfix.
    databaseFeedManager->>hotFixOrchestration: Return list of CVEs.
    hotFixOrchestration->>localInventory: Get inventory
    localInventory-->>hotFixOrchestration: Return list
    alt If an element matches
        hotFixOrchestration->>localInventory: Remove element
        localInventory-->>hotFixOrchestration: ack
    end
```
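The two flows above (reactive package scan and reactive hotfix insert), as an added Python model that is not Wazuh's code: the per-agent LRU cache falls back to a constructed stand-in for WDB on a miss, the scan marks a CVE as not affected when one of its remediation KBs is among the agent's installed hotfixes, and a hotfix event removes the inventory entries that hotfix remediates. The feed, WDB and inventory contents are constructed sample data (the Office 2016/2019 CVE from the description), and the class and function names are assumptions.

```python
from collections import OrderedDict

# Constructed sample feed: CVE -> remediating KBs (the Office 2016/2019 example).
FEED_REMEDIATIONS = {
    "CVE-2024-21413": {"KB5002467", "KB5002519", "KB5002522", "KB5002537"},
}
# Constructed stand-in for the WDB hotfix table: agent id -> installed KBs.
WDB_HOTFIXES = {"001": {"KB5002467", "KB5034441"}, "002": set()}


class HotfixLRUCache:
    """Per-agent hotfix cache (hypothetical); on a miss it queries the WDB stand-in."""

    def __init__(self, capacity=2, wdb=WDB_HOTFIXES):
        self.capacity, self.wdb = capacity, wdb
        self.entries = OrderedDict()
        self.misses = 0  # counts WDB round trips, to show the cache working

    def get(self, agent_id):
        if agent_id in self.entries:
            self.entries.move_to_end(agent_id)  # mark as most recently used
        else:
            self.misses += 1
            self.entries[agent_id] = set(self.wdb.get(agent_id, set()))
            if len(self.entries) > self.capacity:
                self.entries.popitem(last=False)  # evict least recently used
        return self.entries[agent_id]

    def insert(self, agent_id, kb):
        self.get(agent_id).add(kb)


def is_remediated(cve, agent_id, platform, cache, feed=FEED_REMEDIATIONS):
    """Reactive scan: True when a feed remediation KB for the CVE is installed."""
    if platform != "windows":
        return False
    remediations = feed.get(cve, set())
    if not remediations:
        return False
    return bool(remediations & cache.get(agent_id))


def apply_hotfix_event(agent_id, kb, inventory, cache, feed=FEED_REMEDIATIONS):
    """Reactive hotfix insert: cache the KB, then drop inventory entries it fixes.

    inventory is a list of (agent_id, cve) tuples; removed entries are returned."""
    cache.insert(agent_id, kb)
    fixed = {cve for cve, kbs in feed.items() if kb in kbs}
    removed = [e for e in inventory if e[0] == agent_id and e[1] in fixed]
    inventory[:] = [e for e in inventory if e not in removed]
    return removed
```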
havidarou changed the title from "Packages vulnerability remediations does not work" to "Packages vulnerability remediations do not work" on Apr 30, 2024.
ETA cycles justification
Description
This issue aims to add the capability to detect CVE remediations during the package scan.
For example, some Windows applications have hotfixes associated with them.
Example: Microsoft Office 2016 and 2019 are associated with CVE-2024-21413, which has "KB5002467", "KB5002519", "KB5002522" and "KB5002537" as remediations.
Current Behavior
Expected
Steps