Open verma-preet opened 2 years ago
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
Engine DB Version: 0.0.16 Engine Code Version: 1.1.0
What happened: CVE-2022-0886 has been rejected and is now a duplicate of CVE-2022-27666. Anchore still flagged CVE-2022-0886 in the scans.
CVE-2022-0886
What did you expect to happen: CVE-2022-0886 should NOT have been flagged by anchore.
What docker images are you using: This is a sample vuln report after scaning the image:
{ "feed": "vulnerabilities", "feed_group": "rhel:8", "fix": "None", "nvd_data": [ { "cvss_v2": { "base_score": -1.0, "exploitability_score": -1.0, "impact_score": -1.0 }, "cvss_v3": { "base_score": -1.0, "exploitability_score": -1.0, "impact_score": -1.0 }, "id": "CVE-2022-0886" } ], "package": "kernel-headers-4.18.0-348.23.1.el8_5", "package_cpe": "None", "package_cpe23": "None", "package_name": "kernel-headers", "package_path": "pkgdb", "package_type": "rpm", "package_version": "4.18.0-348.23.1.el8_5", "severity": "High", "url": "https://access.redhat.com/security/cve/CVE-2022-0886", <--- This CVE page does not exist. "vendor_data": [ { "cvss_v2": { "base_score": -1.0, "exploitability_score": -1.0, "impact_score": -1.0 }, "cvss_v3": { "base_score": 7.8, "exploitability_score": 1.8, "impact_score": 5.9 }, "id": "CVE-2022-0886" } ], "vuln": "CVE-2022-0886", "will_not_fix": false },
Is this a BUG REPORT or a FEATURE REQUEST? (choose one): BUG REPORT
Version of Anchore Engine and Anchore CLI if applicable:
What happened: CVE-2022-0886 has been rejected and is now a duplicate of CVE-2022-27666. Anchore still flagged
CVE-2022-0886
in the scans.What did you expect to happen:
CVE-2022-0886
should NOT have been flagged by anchore.What docker images are you using: This is a sample vuln report after scaning the image: