Task
Resolution: Done
**Note that this is a public ticket, please refrain from adding any sensitive data.**
Description of problem:
Customer has many CVEs on one of his affected servers because an old mysql-server 8.0 is installed.
In the list they see there is an option to generate an Ansible playbook to remediate the issue, although it is mentioned that there is No Advisory.
It is strange: how can something be fixed without an Advisory available?
Expanding the CVE also does not provide any details about what the Ansible playbook will contain.
Only when you click on Remediate and go through the full wizard to generate a playbook will you see what it thinks can fix it. In the case of mysql-server it will try to update the packages. But there is no Advisory, so also no new packages (the only fix with support for mysql 8.0 will be to enable a mariadb module stream and migrate to mariadb 10.x).
Can you please fix this black-magic part to make it transparent for the user?
From a user point of view we can think of:
- If no Advisory -> then the remediate is 'Not Applicable' (e.g. CVE-2022-21600)
- If a configuration fix is available (e.g. CVE-2019-11091), then add documentation on what fix the Ansible Playbook is going to implement; e.g. for MDS it has only the generic KB references and no clear instructions, but the Ansible Playbook implements one of them.
- Have a Preview button on the playbook showing what it is going to fix.