search

Secure-Compliance-Solutions-LLC / GVM-Docker

Greenbone Vulnerability Management Docker Image with OpenVAS
https://securecompliance.gitbook.io/projects/
MIT License
250 stars 91 forks source link

[Bug] Mixing CVE's with NVT's #176

Closed fungus-crypto closed 3 years ago

fungus-crypto commented 3 years ago

Describe the bug I am having problems with GVM. This installation is on a fresh Linux VM, I was running GVM without an issue before but it seems like its bugged out now I suppose? (Before I was using older version, now I’ve deployed newest on my fresh VM.) I would really appreciate any help I may receive with this, it seems that my GVM is mixing CVE’s with NVT’s. Reports page is broken because of this, CVE scanner “works” but reports are also broken. I cannot export PDF report for CVE scanner because of this, I cannot click the “Report” on my panel because of it. The error I receive when trying to open report on “/report/a415aafc-78e6-4607-946b-1562e948242f” is : Error while loading Report a415aafc-78e6-4607-946b-1562e948242f TypeError: Cannot read property 'score' of undefined TypeError: Cannot read property 'score' of undefined

To Reproduce Steps to reproduce the behavior:

  1. configure docker container with latest image from securecompliance/gvm:latest
  2. Scan a host with openvas scanner
  3. Scan a host with CVE scanner
  4. Try to click on report with calculated score for CVE scanner

Expected behavior Open report from CVE scanner without bugs. Screenshots If applicable, add screenshots to help explain your problem.

Host Device:

Additional context It seems like I cannot access those CVE’s so it cant calculate score. I found a way out of this situation to see which CVE’s are in question, on report summary page I click on “Corresponding Vulnerabilites” ICON that leads me to next url : “/vulnerabilities?filter=report_id%3Da415aafc-78e6-4607-946b-1562e948242f”.

Here I can see that CVE in question is ex. “CVE-2018-5951”, but hyperlink for that is trying to lead me on “/nvt/CVE-2018-5951” - which ofcourse says : The NVT you were looking for could not be found. You might have followed an incorrect link and the NVT does not exist.

When manually replacing that link and switching “nvt” with “cve” - everything works…

Openvas scanner works just fine, I am only having problems with CVE scanner. It actually displays CVE vulnerabilities as score on front page.

But I cannot access reports generated by CVE scanner.

Any help would be greatly appreciated :] thank you.

pixelsquared commented 3 years ago

This sounds like a bug with the GVM itself and not this docker image but I will see if I can find the issue.

fungus-crypto commented 3 years ago

This sounds like a bug with the GVM itself and not this docker image but I will see if I can find the issue.

Thank you very much. Please do let me know if you figure this out

fungus-crypto commented 3 years ago

Thanks!

austinsonger commented 3 years ago

Closing this right now. This seems to be a issue with GVM and not this docker image.