I was scanning a host which has cpe:/a:7-zip:7-zip:9.20 installed (let's call it [1]); this is recognized by greenbone.
The scanner found 3 (as far as I see) CVEs which afflict this version of 7-zip; only one, though, is linked under the cpe page of [1] in the web interface (gsa).
I checked the nvd.nist.gov page and the CVEs there are linked correctly, i.e., on the CVE page, under "Known Affected Software", the cpe is present, though in a wildcard syntax. I don't know if this is the cause of the problem.
To be more specific:
CVE-2018-10172 (this shows only cpe:/a:7-zip:7-zip:18.01::~~~windows~~). My 9.20 7zip version is not matched as a consequence. On https://nvd.nist.gov/vuln/detail/CVE-2018-10172 you can see that there's a long list of CPEs if you click on "Show matching CPEs"; 18.01 is just the latest.
So, I don’t know, the problem seems to be that gvm is only grabbing the last entry in a list of cpe defined by wildcard?
Thanks, regards.
Expected behavior
CPE should link the correct list of CVEs, even if it's defined with wildcards on nist.
And vice-versa, the CVE should have the correct list of afflicted products (CPE).
Actual behavior
Linking between CPE and CVEs is not handled correctly unless the exact version of the CPE is matched.
GVM seems to grab only the latest in a wildcard defined CPE (assumption).
Steps to reproduce
Install on a machine software like https://www.7-zip.org/download.html (version 9.20 in my case), which has a wildcard-defined CPE on nist. Run an authenticated scan.
GVM versions
Greenbone Community Containers 22.4
Environment
Win10 as target.
I'm opening this issue as requested from https://forum.greenbone.net/t/cpe-with-wildcard-not-being-matched/15584.
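As an added illustration of the matching the report expects (this is example code, not GVM's or NVD's own, and the match entries are constructed rather than copied from NVD): a small Python matcher that treats a wildcard version plus an inclusive upper bound as a range, placed next to the exact-version-only comparison the report describes.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class CpeMatch:
    """One affected-product entry in the shape NVD publishes: a CPE 2.2 URI
    (which may carry '*' or empty 'any' components) plus an optional
    inclusive upper version bound. Every instance below is constructed."""
    criteria: str
    version_end_including: Optional[str] = None

def parse_cpe22(uri: str) -> List[str]:
    # cpe:/<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>
    if not uri.startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri}")
    parts = uri[len("cpe:/"):].split(":")
    return (parts + [""] * 7)[:7]  # pad missing trailing components with ''

def version_key(v: str) -> tuple:
    # "9.20" -> ((0, 9), (0, 20)); non-numeric chunks sort after numeric ones
    return tuple((0, int(c)) if c.isdigit() else (1, c) for c in v.split("."))

def component_matches(pattern: str, value: str) -> bool:
    # '' or '*' in the CVE entry means ANY; an empty host component is
    # unknown rather than a mismatch, so it does not rule the entry out
    return pattern in ("", "*") or value == "" or pattern == value

def cpe_affected(host_cpe: str, m: CpeMatch) -> bool:
    host, pat = parse_cpe22(host_cpe), parse_cpe22(m.criteria)
    if not all(component_matches(p, h) for p, h in zip(pat, host)):
        return False
    # the version component passed as exact or wildcard; now apply the bound
    if m.version_end_including and host[3]:
        return version_key(host[3]) <= version_key(m.version_end_including)
    return True

def is_affected(host_cpe: str, matches: List[CpeMatch]) -> bool:
    """True when any entry in the CVE's match list covers the host CPE."""
    return any(cpe_affected(host_cpe, m) for m in matches)

HOST = "cpe:/a:7-zip:7-zip:9.20"  # the host CPE from the report
# Constructed stand-ins for two readings of CVE-2018-10172's affected list:
# only its last (exact) entry, versus a wildcard version capped at 18.01.
EXACT_ONLY = [CpeMatch("cpe:/a:7-zip:7-zip:18.01::~~~windows~~")]
RANGE = [CpeMatch("cpe:/a:7-zip:7-zip:*", version_end_including="18.01")]

print("exact-only:", is_affected(HOST, EXACT_ONLY))  # False, as the report sees
print("range:", is_affected(HOST, RANGE))            # True, the expected behaviour
```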