Hello everyone,
I'm contacting you because I've had a problem using oscap-chroot for the past week and a half.
I have offline LXC images that I'm analyzing with OpenSCAP's oscap-chroot tool.
However, after using the tool, I open the HTML report that is generated for me, and it shows me no vulnerabilities, whereas 2 weeks ago, the tool found several vulnerabilities.
I've done some research into the source of my problem and I imagine that it comes directly from CVE-MITRE.
I found this article indicating the end of XML to JSON support as of June 30, 2024.
I'm wondering if this change from CVE-MITRE will have an impact on the use of openscap and, more specifically, oscap-chroot.
Does anyone have a problem similar to mine?
https://www.cve.org/Media/News/item/blog/2024/07/02/Legacy-CVE-Download-Formats-No-Longer-Supported
OpenSCAP Version:
OpenSCAP command line tool (oscap) 1.4.0
Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.
The offline LXC image underwent no change during the first and second reports.
Actual Results:
The HTML report indicates that no vulnerabilities are found on the offline LXC image, although there should be, since the offline LXC image has not undergone any changes.
Expected Results:
I should have several vulnerabilities detected.
See image of HTML report dated 05/28/2024
Additional Information / Debugging Steps:
The oval-definitions-buster.xml file comes from https://www.debian.org/security/oval/ to retrieve the OVAL definitions corresponding to the operating system of the LXC offline image.
Description of Problem:
Hello everyone, I'm contacting you because I've had a problem using oscap-chroot for the past week and a half. I have offline LXC images that I'm analyzing with OpenSCAP's oscap-chroot tool. However, after using the tool, I open the HTML report that is generated for me, and it shows me no vulnerabilities, whereas 2 weeks ago, the tool found several vulnerabilities. I've done some research into the source of my problem and I imagine that it comes directly from CVE-MITRE. I found this article indicating the end of XML to JSON support as of June 30, 2024. I'm wondering if this change from CVE-MITRE will have an impact on the use of openscap and, more specifically, oscap-chroot. Does anyone have a problem similar to mine? https://www.cve.org/Media/News/item/blog/2024/07/02/Legacy-CVE-Download-Formats-No-Longer-Supported
OpenSCAP Version:
OpenSCAP command line tool (oscap) 1.4.0 Copyright 2009--2023 Red Hat Inc., Durham, North Carolina.
==== Supported specifications ==== SCAP Version: 1.3 XCCDF Version: 1.2 OVAL Version: 5.11.1 CPE Version: 2.3 Asset Identification Version: 1.1 Asset Reporting Format Version: 1.1
==== Capabilities added by auto-loaded plugins ==== SCE Version: 1.0 (from libopenscap_sce.so.25)
Operating System & Version:
Debian 12 on Docker
Steps to Reproduce:
Install OpenSCAP from source :
Scan an offline LXC image with oscap-chroot command :
Check the report.html file :
A HTML report from 10/07/2024
A HTML report from 28/05/2024
The offline LXC image underwent no change during the first and second reports.
Actual Results:
The HTML report indicates that no vulnerabilities are found on the offline LXC image, although there should be, since the offline LXC image has not undergone any changes.
Expected Results:
I should have several vulnerabilities detected. See image of HTML report dated 05/28/2024
Additional Information / Debugging Steps:
The oval-definitions-buster.xml file comes from https://www.debian.org/security/oval/ to retrieve the OVAL definitions corresponding to the operating system of the LXC offline image.