  1. Red Hat Insights Engineering
  2. RHINENG-21074

Vulnerability results differ between C.RH.C and API query

    • insights-security-vulnerability

      ** Note that this is a public ticket, please refrain from adding any sensitive data. **

      Issue:

      Selecting a CVE in C.RH.C presents just one system; however, when querying using the API we see more. For example, the API retrieves:

      [root@API]==>CVE_ID=CVE-2023-24538
      curl --request GET \
        --url "https://console.redhat.com/api/vulnerability/v1/cves/$CVE_ID/affected_systems?limit=50&offset=0" \
        --header "Authorization: Bearer $access_token" \
        --header 'Content-Type: application/vnd.api+json' | grep display_name
              "display_name": "host1.org",
              "display_name": "host2.org",
              "display_name": "host3.org",
              "display_name": "host4.org",
              "display_name": "host5.org",

      Comparing these query results for other CVEs remains inconsistent for some, and the disparity is confusingly different on some days as well. The day before this, the query returned 20+ hosts.

      How reproducible:

      So far unable to reproduce internally.

              Unassigned Unassigned
              rhn-support-pdudley Paul Dudley