Uploaded image for project: 'Security Data'
  1. Security Data
  2. SECDATA-797

RHEL 9 repositories are missing from repository-to-cpe.json

XMLWordPrintable

    • Icon: Ticket Ticket
    • Resolution: Can't Do
    • Icon: Normal Normal
    • None
    • None
    • None
    • 1
    • False
    • Hide

      None

      Show
      None
    • False
    • CY24Q4-S1

      Repositories rhel-9-baseos-rhui-rpms and rhel-9-appstream-rhui-rpms are missing from 
      https://security.access.redhat.com/data/metrics/repository-to-cpe.json 
       
      From our analysis they should be added with the cpe: "cpe:/o:redhat:enterprise_linux:9"
       
      cpe is taken from CVE-2024-35195 that should be affecting these repos
      https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-35195.json

      {
    "branches": [
        {
            "category": "product_name",  
            "name": "Red Hat Enterprise Linux 9",
            "product": {
                "name": "Red Hat Enterprise Linux 9",
                "product_id": "red_hat_enterprise_linux_9",
                "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:9"
                 }
              }
         }
    ],
    "category": "product_family",
    "name": "Red Hat Enterprise Linux 9"
}

              rhn-support-juspence Justin Spencer
              lihaki l h
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: