Uploaded image for project: 'Security Data'
  1. Security Data
  2. SECDATA-27

Missing CVEs in the OpenShift and RHEL OVAL data

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • None
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False

    Description

      There are CVEs that are not included in the OpenShift and RHEL OVAL.
      For example:

      CVE-2021-26291 - is included in rhel-8-including-unpatched OVAL, but is not included in the openshift-4-including-unpatched OVAL, when should be because OCP is directly affected by this CVE. 

      CVE-2022-30945 - is not included in openshift-4-including-unpatched OVAL when only OCP product is affected by this CVE

       

      Is there any glitch in the OVAL data update process?

      This issue has been discovered by one of the customers (IBM) in the certified scanner results.

      Attachments

        Activity

          People

            mprpic@redhat.com Martin Prpic
            proguski@redhat.com Przemyslaw Roguski
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: