Broken matching for CVE-2021-32743
We have an installation and are trying to get vulnerabilities for icinga, version 2.12.3; component definition is:
<component type="application">
<name>icinga</name>
<version>2.12.3</version>
<cpe>cpe:2.3:a:icinga:icinga:2.12.3:*:*:*:*:*:*:*</cpe>
</component>
which should match against https://nvd.nist.gov/vuln/detail/CVE-2021-32743 - but for some reason, it does not. Changing the cpe string to match all versions lists a lot of old vulnerabilities - but still not the one mentioned above. The vulnerability version information from the NVD json is:
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "2.4.0",
"versionEndExcluding" : "2.11.10",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "2.12.0",
"versionEndExcluding" : "2.12.5",
"cpe_name" : [ ]
} ]
} ]
},
Issue Analytics
- State:
- Created 2 years ago
- Comments:6 (3 by maintainers)
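The range check the report expects, written out as an added example; it is not part of the original issue and is not Dependency-Track's code. The function names are hypothetical, versions are assumed to be purely numeric and dotted, and the CPE strings are assumed to contain no escaped colons.

```python
import json

# The two cpe_match entries quoted in the issue (empty cpe_name lists dropped).
CPE_MATCH = json.loads("""[
  {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
   "versionStartIncluding": "2.4.0", "versionEndExcluding": "2.11.10"},
  {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
   "versionStartIncluding": "2.12.0", "versionEndExcluding": "2.12.5"}
]""")


def parse_cpe(cpe):
    """Return (part, vendor, product, version) of a CPE 2.3 formatted string."""
    fields = cpe.split(":")  # assumption: no escaped ':' in any attribute
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    return fields[2], fields[3], fields[4], fields[5]


def version_key(version):
    """Compare numerically per component, so 2.11.10 sorts above 2.11.9."""
    return tuple(int(p) for p in version.split("."))


def entry_matches(entry, component_cpe):
    """True if one cpe_match entry covers the component's CPE."""
    part, vendor, product, version = parse_cpe(component_cpe)
    e_part, e_vendor, e_product, e_version = parse_cpe(entry["cpe23Uri"])
    same_product = (part == e_part and e_vendor in ("*", vendor)
                    and e_product in ("*", product))
    if not (entry.get("vulnerable") and same_product):
        return False
    if version == "*":
        return True  # assumption: a wildcard component version hits every range
    if e_version not in ("*", version):
        return False
    v = version_key(version)
    checks = {"versionStartIncluding": lambda b: v >= b,
              "versionStartExcluding": lambda b: v > b,
              "versionEndIncluding": lambda b: v <= b,
              "versionEndExcluding": lambda b: v < b}
    return all(ok(version_key(entry[k])) for k, ok in checks.items() if k in entry)


def is_affected(component_cpe, cpe_match=CPE_MATCH):
    """True if any entry of the CVE's cpe_match list covers the component."""
    return any(entry_matches(e, component_cpe) for e in cpe_match)
```

With the component CPE from the report, `is_affected` returns True because 2.12.3 falls inside the second range (2.12.0 inclusive to 2.12.5 exclusive).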
Top GitHub Comments
@savek-cc I’ve been able to replicate the issue. Will need to investigate to see if it's an issue with DT or with the data from the NVD.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.